From owner-freebsd-questions@freebsd.org Sun Nov 12 13:29:32 2017
From: Ernie Luzar
Date: Sun, 12 Nov 2017 08:29:30 -0500
To: "freebsd-questions@freebsd.org"
Subject: List of OS in BSD family

I know of FreeBSD and OpenBSD as members in the BSD family of operating
systems. Are there others and what are their names?

From owner-freebsd-questions@freebsd.org Sun Nov 12 13:38:39 2017
From: Manish Jain
Date: Sun, 12 Nov 2017 13:38:35 +0000
To: Ernie Luzar, "freebsd-questions@freebsd.org"
Subject: Re: List of OS in BSD family

On 11/12/17 18:59, Ernie Luzar wrote:
> I know of FreeBSD and OpenBSD as members in the BSD family of operating
> systems. Are there others and what are their names?

NetBSD

From owner-freebsd-questions@freebsd.org Sun Nov 12 13:39:21 2017
From: Weaver
Date: Sun, 12 Nov 2017 05:39:20 -0800
To: freebsd-questions@freebsd.org
Subject: Re: List of OS in BSD family

On 2017-11-12 23:29, Ernie Luzar wrote:
> I know of FreeBSD and OpenBSD as members in the BSD family of
> operating systems. Are there others and what are their names?

http://bsd.org/
https://en.wikipedia.org/wiki/List_of_BSD_operating_systems

--
"It is the duty of the patriot to protect his country from its government."
-- Thomas Paine

Registered Linux User: 554515

From owner-freebsd-questions@freebsd.org Sun Nov 12 13:59:50 2017
From: Polytropon
Date: Sun, 12 Nov 2017 14:59:38 +0100
To: Ernie Luzar
Cc: "freebsd-questions@freebsd.org"
Subject: Re: List of OS in BSD family

On Sun, 12 Nov 2017 08:29:30 -0500, Ernie Luzar wrote:
> I know of FreeBSD and OpenBSD as members in the BSD family of operating
> systems. Are there others and what are their names?

You can find out easily - without Internet access, from the
following locally installed file:

	/usr/share/misc/bsd-family-tree

Depending on what special "relationships" you are searching
for ("ancestors", "siblings", "descendants"), this file will
provide the information.

One BSD derivate you won't find in there is DEMOS, a UNIX
operating system based on an early BSD for the K1810 family
of computers produced in the GDR (in the 1970s/1980s). ;-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

From owner-freebsd-questions@freebsd.org Sun Nov 12 14:23:49 2017
From: Edgar Pettijohn
Date: Sun, 12 Nov 2017 08:23:26 -0600
To: Polytropon
Cc: Ernie Luzar, "freebsd-questions@freebsd.org"
Subject: Re: List of OS in BSD family

On Sun, Nov 12, 2017 at 02:59:38PM +0100, Polytropon wrote:
> On Sun, 12 Nov 2017 08:29:30 -0500, Ernie Luzar wrote:
> > I know of FreeBSD and OpenBSD as members in the BSD family of operating
> > systems. Are there others and what are their names?
>
> You can find out easily - without Internet access, from the
> following locally installed file:
>
> 	/usr/share/misc/bsd-family-tree

+1

Never noticed this file. Pretty neat. I wonder if minix shouldn't be
mentioned especially now that they are switching to netbsd userland and
packages. I guess not entirely BSD due to the kernel and all.

>
> Depending on what special "relationships" you are searching
> for ("ancestors", "siblings", "descendants"), this file will
> provide the information.
>
> One BSD derivate you won't find in there is DEMOS, a UNIX
> operating system based on an early BSD for the K1810 family
> of computers produced in the GDR (in the 1970s/1980s). ;-)
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...

From owner-freebsd-questions@freebsd.org Sun Nov 12 14:45:52 2017
From: Ernie Luzar
Date: Sun, 12 Nov 2017 09:45:51 -0500
To: Mitch MRC
Cc: Outback Dingo, Vladimir Botka, Mitch MRC via freebsd-questions
Subject: Re: Server for web hosting and emails

Mitch MRC via freebsd-questions wrote:
> Thank you for your replies. Is it possible to make it with dynamic IP from the ISP? Or I should ask for a fixed IP?
> Mircea
>

Just so you know about all your options.

Yes, it is possible to use a dynamic IP address. It's all a matter of
risk. In today's market of phone companies and cable TV providers acting
as ISPs, the chance of them changing your assigned dynamic IP address is
very low. I have had the same dynamic IP address from my TV cable ISP
for 10+ years.

To reduce the risk to zero you can have your fqdn registered with one of
the many "dynamic DNS" service providers. You then run a daemon on your
host that watches your IP address and if it changes automatically sends
an update to your "dynamic DNS" service provider changing your fqdn to
point to the new IP address. Down time is less than 5 minutes.

But you're missing the big picture problem. Normally ISPs sell 2 account
types, home users who get a single dynamic IP address with some max
bandwidth per month and the business account who gets a group of static
IP addresses and have bandwidth usage groups that cost more per month as
bandwidth usage increases as more hosting customers are added.

As I read this thread I see you are thinking about running a home based
hosting service. A very small scale environment would work but if your
bandwidth exceeds the max for a home user account your ISP may stop
serving your account until the next month. Or even worse they may
determine that you are abusing your home account contract and terminate
your service altogether. This will really put a negative turn on your
home hosting service and paying customers will leave you asap.

There are other considerations for a 24/7 service, like UPS and/or a gas
powered electric generator, redundancy of computers and network
controllers, solid state hard drives, and the list goes on.

If your intention is something to play with at home so you can learn
about how things go together, then no problem. If this is a prelude to a
for profit hosting service then you better have very deep pockets
because this is going to cost a lot of up front money to do it right.

Maybe you should check into the affiliate program of many existing
hosting companies. For a price you get a branded hosting front end that
looks & feels like a real hosting service, but in reality you're just
selling services for the downstream provider.

Good luck.

From owner-freebsd-questions@freebsd.org Sun Nov 12 20:06:32 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 23D5BC7B97F for ; Sun, 12 Nov 2017 20:06:32 +0000 (UTC) (envelope-from pschmehl_lists@tx.rr.com) Received: from dnvrco-cmomta03.email.rr.com (dnvrco-outbound-snat.email.rr.com [107.14.73.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id EF4B573502 for ; Sun, 12 Nov 2017 20:06:31 +0000 (UTC) (envelope-from pschmehl_lists@tx.rr.com) Received: from [192.168.0.11] ([76.183.153.52]) by cmsmtp with ESMTPA id DyTqe2UW3e8IaDyTteHjWs; Sun, 12 Nov 2017 20:03:50 +0000 Date: Sun, 12 Nov 2017 14:03:45 -0600 From: Paul Schmehl Reply-To: Paul Schmehl To: FreeBSD Questions Subject: Openssl problem Message-ID: <47D923B54DCCEC14A12CD796@Pauls-MacBook-Pro.local> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-CMAE-Envelope: MS4wfG74QuAxj7pr90ic7uPkyzFzVnksfeA2sePjGXO10HP+X/TtI9Btlp5+bgGMPa2cULwJG48Is6gIUYZR6zX4wGUN8O2edwG8ko4kZGGyxnDFrvT8Rj0c hQh9ZGeWM0tZuFquUf2foABNArFkhQZHObY0BnabZ2BaL7t1BLHq0n5p1gnUeqUWnqVwWRGbxJoYTw== X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2017 20:06:32 -0000 Since openssl is now in base, I hope this is the appropriate list for these questions. I'm running FreeBSD 10.3-RELEASE with # openssl version OpenSSL 1.0.1s-freebsd 1 Mar 2016 This is the FreeBSD base version of openssl, not the ports version. I have ssh access to the server and can sudo to root. 
Please note: In the error messages below, I have removed some of the pathing so as not to reveal the exact locations on the server. I have two problems. When I use https with an rss reader module in Joomla, I get this error: Warning: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335 Warning: fopen(): Failed to enable crypto in /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335 Warning: fopen(https://blog.vvfh.org/feed/rss2): failed to open stream: operation failed in /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335 I've worked around this problem by not forcing https on the blog. That way the module can read the rss feed without encryption. The blog works without SSL and with SSL, and I force SSL for logins. I had someone test the feed from a different server, and it worked fine with SSL, so the problem appears to be isolated to this server. The second problem occurs when I try to run some commandline python scripts, I get this error: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='wiki.vvfh.org', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)) Both of them appear to be related to how openssl handles ssl sessions. Even more confusing, if I verify the cert from the commandline, openssl says it's OK. 
openssl verify -untrusted comodo-rsa-domain-validation-sha-2-w-root.ca-bundle STAR_vvfh_org.crt STAR_vvfh_org.crt: OK If I verify the cert without the chain, I get an error: openssl verify STAR_vvfh_org.crt STAR_vvfh_org.crt: OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.vvfh.org error 20 at 0 depth lookup:unable to get local issuer certificate This is my apache (2.4) config: # Enable SSL SSLEngine On SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCertificateFile /webcerts/STAR_vvfh_org.crt SSLCertificateKeyFile /webcerts/STAR.vvfh.org.key SSLCACertificateFile /webcerts/COMODORSADomainValidationSecureServerCA.crt SSLCertificateChainFile /webcerts/comodo-rsa-domain-validation-sha-2-w-root.ca-bundle I've been working around the problem, but I'd like to figure it out and get it fixed. Paul Schmehl, Retired As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." 
George Orwell

From owner-freebsd-questions@freebsd.org Sun Nov 12 20:36:55 2017
Date: Sun, 12 Nov 2017 14:36:31 -0600
From: Edgar Pettijohn
To: Paul Schmehl
Cc: FreeBSD Questions
Subject: Re: Openssl problem

On Sun, Nov 12, 2017 at 02:03:45PM -0600, Paul Schmehl wrote:
> Since openssl is now in base, I hope this is the appropriate list for these
> questions.
>
> I'm running FreeBSD 10.3-RELEASE with
> # openssl version
> OpenSSL 1.0.1s-freebsd 1 Mar 2016
>
> This is the FreeBSD base version of openssl, not the ports version. I have
> ssh access to the server and can sudo to root.
>
> Please note: In the error messages below, I have removed some of the
> pathing so as not to reveal the exact locations on the server.
>
> I have two problems.
>
> When I use https with an rss reader module in Joomla, I get this error:
> Warning: fopen(): SSL operation failed with code 1. OpenSSL Error messages:
> error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify
> failed in /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line
> 335 Warning: fopen(): Failed to enable crypto in
> /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335
> Warning: fopen(https://blog.vvfh.org/feed/rss2): failed to open stream:
> operation failed in
> /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335

I'm curious what this line is.

>
> I've worked around this problem by not forcing https on the blog. That way
> the module can read the rss feed without encryption. The blog works without
> SSL and with SSL, and I force SSL for logins.
>
> I had someone test the feed from a different server, and it worked fine
> with SSL, so the problem appears to be isolated to this server.
>
> The second problem occurs when I try to run some commandline python
> scripts, I get this error: requests.exceptions.ConnectionError:
> HTTPSConnectionPool(host='wiki.vvfh.org', port=443): Max retries exceeded
> with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL
> routines', 'ssl3_get_server_certificate', 'certificate verify
> failed')],)",),))
>
>
> Both of them appear to be related to how openssl handles ssl sessions.
>
> Even more confusing, if I verify the cert from the commandline, openssl
> says it's OK.
> openssl verify -untrusted
> comodo-rsa-domain-validation-sha-2-w-root.ca-bundle STAR_vvfh_org.crt
> STAR_vvfh_org.crt: OK
>
> If I verify the cert without the chain, I get an error:
> openssl verify STAR_vvfh_org.crt
> STAR_vvfh_org.crt: OU = Domain Control Validated, OU = PositiveSSL
> Wildcard, CN = *.vvfh.org
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
> This is my apache (2.4) config:
> # Enable SSL
> SSLEngine On
> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

maybe try just:
SSLProtocol all

and see if that doesn't help.

> SSLCipherSuite
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> SSLHonorCipherOrder on
> SSLCertificateFile /webcerts/STAR_vvfh_org.crt
> SSLCertificateKeyFile /webcerts/STAR.vvfh.org.key
> SSLCACertificateFile
> /webcerts/COMODORSADomainValidationSecureServerCA.crt
> SSLCertificateChainFile
> /webcerts/comodo-rsa-domain-validation-sha-2-w-root.ca-bundle
>
> I've been working around the problem, but I'd like to figure it out and get
> it fixed.

I'd also recommend trying out certbot from ports and try new certificates,
etc and just rule those out as the issue. It seems anytime I have an ssl
problem it turns out to be the certs are messed up somehow or the
permissions are wrong.

Good luck!

>
> Paul Schmehl, Retired
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them."
> George Orwell

From owner-freebsd-questions@freebsd.org Sun Nov 12 20:59:50 2017
Date: Sun, 12 Nov 2017 14:59:45 -0600
From: Paul Schmehl
Reply-To: Paul Schmehl
To: Edgar Pettijohn
cc: FreeBSD Questions
Subject: Re: Openssl problem

--On November 12, 2017 at 2:36:31 PM -0600 Edgar Pettijohn wrote:

>> Warning: fopen(): SSL operation failed with code 1. OpenSSL Error
>> messages: error:14090086:SSL
>> routines:ssl3_get_server_certificate:certificate verify failed in
>> /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335
>> Warning: fopen(): Failed to enable crypto in
>> /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335
>> Warning: fopen(https://blog.vvfh.org/feed/rss2): failed to open stream:
>> operation failed in
>> /Sites/www.vvfh.org/libraries/joomla/filesystem/file.php on line 335
>
> I'm curious what this line is.
>

335 if (false === $fh = fopen($filename, 'rb', $incpath))
336 {
337     JLog::add(JText::sprintf('JLIB_FILESYSTEM_ERROR_READ_UNABLE_TO_OPEN_FILE', $filename), JLog::WARNING, 'jerror');
338
339     return false;
340 }

I think that's a byproduct of the ssl failure.

>>
>>
>> This is my apache (2.4) config:
>> # Enable SSL
>> SSLEngine On
>> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
>
> maybe try just:
> SSLProtocol all
>
> and see if that doesn't help.
>

I'll give that a shot.

>
> Good luck!

Thanks. I've been working on this now, on and off, for about three months.

Paul Schmehl, Retired
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them."
George Orwell

From owner-freebsd-questions@freebsd.org Sun Nov 12 21:03:15 2017
Subject: Re: Upgrade old System
From: Doug Hardie
Date: Sun, 12 Nov 2017 13:03:07 -0800
Cc: freebsd-questions@freebsd.org
To: Matthew Seaman

> On 11 November 2017, at 02:18, Matthew Seaman wrote:
>
> On 11/11/2017 09:54, Polytropon wrote:
>>>> FreeBSD 8.2-STABLE #1: Wed Aug 24 10:25:44 CEST 2011 :-)
>
>>> Unfortunately, re-installation is not possible. It's just not
>>> accessible except via ssh.
>
>> Okay, this is limiting your options. Maybe you can use source
>> update, but not directly from 8.2 to 11.1, but instead to 9.0,
>> 10.0, 11.0; it's possible that you also need to upgrade each
>> of the major versions to the maximum minor version first, then
>> make the switch to the next major version.
>
> One thing to check before you start: is the root partition large enough?
> The space required for the root has grown steadily over the years and
> complaints about running out of space used to be a regular refrain on
> the lists when a new major release came out. Much less of a problem
> nowadays given the installer defaults to a single big partition for
> pretty much everything.

I've been bit by that a few times. Some of the servers started out on
version 3.5 and have been updated until 9.x. While those have gone away
recently, I got hit twice by that issue on each over the years of
upgrades. This machine has only one partition per drive. For some
reason, I don't recall, I put /usr on a separate drive. It doesn't need
to be as this is a demo machine for a client. It only needs 13 GB
total. Anyway, looking at the effort required to incrementally upgrade
via freebsd-update, it's just not worth the time. All the production
servers went via the upgrade process over the years. This one lost its
internet connection and sat unused for many years. So I know the
upgrade path is viable, but I remember the work involved. I am
currently building a copy of the production system into the demo system
and will scp it up when finished. My main concern is that when the
drive has been upgraded via tar, will the kernel still work enough to be
able to reboot? The shutdown binary will have been replaced with the
new one. I suspect I will need to use the shutdown in /rescue to avoid
issues with upgraded libraries.
-- Doug

From owner-freebsd-questions@freebsd.org Mon Nov 13 07:38:03 2017
From: Balaji Jaganathan
Date: Mon, 13 Nov 2017 13:08:00 +0530
Subject: Need to remove content from your site
To: freebsd-questions@freebsd.org
Cc: Abdul Khader Jeelani

Hi Team,

Please note that we would like to remove the content from the below link on
urgent basis. It would be great if you could help us with the removal of
below information.

http://freebsd.no/ja/commercial/software.html

Vembu StoreGrid

Vembu StoreGrid is an extremely flexible Desktop Backup Software.
StoreGrid's innovative, trusted intranet peer-to-peer backup solution helps
backup desktop and laptop data with no need for additional storage
hardware. With backup servers, StoreGrid can also be deployed for
conventional client-server and remote backup purposes.
StoreGrid works on FreeBSD, Linux, Windows and Mac OS X operating systems.
Check out http://www.vembu.com for a free trial download of Vembu StoreGrid
Desktop Backup Software.

Thanks & Regards
Balaji J
Vembu Technologies.

From owner-freebsd-questions@freebsd.org Mon Nov 13 07:56:03 2017
From: Andrea Venturoli
Subject: USB HD problem
To: freebsd-questions@freebsd.org
Date: Mon, 13 Nov 2017 08:55:50 +0100

Hello.

On a server I manage, we use an external WD USB HD to make backups.
This has been working properly for two years.
Now it's getting hard to recognize the HD when it's plugged in:
camcontrol will show the "pass" device, but no "da" comes up.
On the same box, another very similar HD still works fine.

So I tried this HD on several other machines and the conclusion is that
on two Windows ones it always works, while on five FreeBSD I see very
different results, ranging from always recognized to never recognized.
On a couple of boxes it takes three or four tentatives before da0 comes up.

When the disk is not recognized (pass, but no da) I get:

> kernel: (probe0:umass-sim0:0:0:1): INQUIRY. CDB: 12 00 00 00 24 00
> kernel: (probe0:umass-sim0:0:0:1): CAM status: CCB request completed with an error
> kernel: (probe0:umass-sim0:0:0:1): Retrying command
> kernel: (probe0:umass-sim0:0:0:1): INQUIRY. CDB: 12 00 00 00 24 00
> kernel: (probe0:umass-sim0:0:0:1): CAM status: CCB request completed with an error
> kernel: (probe0:umass-sim0:0:0:1): Retrying command
> kernel: (probe0:umass-sim0:0:0:1): INQUIRY. CDB: 12 00 00 00 24 00
> kernel: (probe0:umass-sim0:0:0:1): CAM status: CCB request completed with an error
> kernel: (probe0:umass-sim0:0:0:1): Retrying command
> kernel: (probe0:umass-sim0:0:0:1): INQUIRY. CDB: 12 00 00 00 24 00
> kernel: (probe0:umass-sim0:0:0:1): CAM status: CCB request completed with an error
> kernel: (probe0:umass-sim0:0:0:1): Retrying command
> kernel: (da0:umass-sim0:0:0:0): got CAM status 0x44
> kernel: (da0:umass-sim0:0:0:0): fatal error, failed to attach to device
> kernel: g_access(918): provider da0 has error
> kernel: g_access(918): provider da0 has error
> kernel: (probe0:umass-sim0:0:0:1): INQUIRY. CDB: 12 00 00 00 24 00
> kernel: (probe0:umass-sim0:0:0:1): CAM status: CCB request completed with an error
> kernel: (probe0:umass-sim0:0:0:1): Error 5, Retries exhausted

I fail to understand the above codes.
Searching the web only yielded a result in German, but AFAICT it's a
similar problem, not the exact one I have.
Can someone shed some light on them?
Any other suggestion?

bye & Thanks
av.

From owner-freebsd-questions@freebsd.org Mon Nov 13 08:55:22 2017
Subject: Re: List of OS in BSD family
To: Edgar Pettijohn
Cc: "freebsd-questions@freebsd.org"
From: Shane Ambler
Date: Mon, 13 Nov 2017 19:25:11 +1030

On 13/11/2017 00:53, Edgar Pettijohn wrote:
> On Sun, Nov 12, 2017 at 02:59:38PM +0100, Polytropon wrote:
>> On Sun, 12 Nov 2017 08:29:30 -0500, Ernie Luzar wrote:
>>> I know of FreeBSD and OpenBSD as members in the BSD family of operating
>>> systems. Are there others and what are their names?
>>
>> You can find out easily - without Internet access, from the
>> following locally installed file:
>>
>> /usr/share/misc/bsd-family-tree
>
> +1
>
> Never noticed this file. Pretty neat. I wonder if minix shouldn't be
> mentioned especially now that they are switching to netbsd userland and
> packages. I guess not entirely BSD due to the kernel and all.

You mean like OSX, which uses a merge of the Mach and BSD kernels.

But then I thought SunOS used to be on that tree, maybe there are more
complete variations of that tree.

--
FreeBSD - the place to B...Software Developing

Shane Ambler

From owner-freebsd-questions@freebsd.org Mon Nov 13 09:16:29 2017
Subject: Re: Need to remove content from your site
To: freebsd-questions@freebsd.org
From: Matthew Seaman
Date: Mon, 13 Nov 2017 09:16:23 +0000

On 13/11/2017 07:38, Balaji Jaganathan wrote:
> Hi Team,
>
> Please note that we would like to remove the content from the below link on
> urgent basis. It would be great if you could help us with the removal of
> below information. http://freebsd.no/ja/commercial/software.html

That's a copy of the Japanese translation of the FreeBSD website hosted
on a server in Norway. The primary source is:
https://www.freebsd.org/commercial/software.html; changes to that page
will propagate out to all the different localizations and mirrors.

> Vembu StoreGrid
>
> Vembu StoreGrid is an extremely flexible Desktop Backup Software.
> StoreGrid's innovative, trusted intranet peer-to-peer backup solution helps
> backup desktop and laptop data with no need for additional storage
> hardware. With backup servers, StoreGrid can also be deployed for
> conventional client-server and remote backup purposes. StoreGrid works on
> FreeBSD, Linux, Windows and Mac OS X operating systems. Check out
> http://www.vembu.com for a free trial download of Vembu StoreGrid Desktop
> Backup Software.

Please can you go to: https://bugs.freebsd.org/bugzilla/ and click on
the link 'Report an issue with the FreeBSD documentation or website' to
create a new problem report and describe there what you'd like to have
changed.
Cheers,

Matthew

From owner-freebsd-questions@freebsd.org Mon Nov 13 12:27:51 2017
Date: Mon, 13 Nov 2017 11:27:29 +0000
From: Steve O'Hara-Smith
To: freebsd-questions@freebsd.org
Subject: Re: List of OS in BSD family

On Mon, 13 Nov 2017 19:25:11 +1030 Shane Ambler wrote:

> You mean like OSX, which uses a merge of the Mach and BSD kernels.
>
> But then I thought SunOS used to be on that tree, maybe there are more
> complete variations of that tree.

I have seen a more complete unix family tree that includes all the
commercial branches, it's a lot more complex.

--
Steve O'Hara-Smith

From owner-freebsd-questions@freebsd.org Mon Nov 13 13:34:02 2017
Subject: Centos on FreeBSD
From: Frank Leonhardt
Date: Mon, 13 Nov 2017 13:33:35 +0000
To: "freebsd-questions@freebsd.org"

What's the best way to run Centos/Red Hat 7 64 bit on FreeBSD? I've got it
running fairly happily on Xen, but I get the feeling it's not quite right.
It takes a very long time to boot, for example.

I did think of running CentOS as Dom0 and BSD as DomU, but there must be a
better way.

Before I delve into why CentOS takes ten minutes to boot (no clue on
screen, of course), is there a better hypervisor? I would prefer not to run
X. Talking to CentOS on VNC suits me very well.

Thanks, Frank.
From owner-freebsd-questions@freebsd.org Mon Nov 13 13:39:12 2017
From: Antranig Vartanian
Date: Mon, 13 Nov 2017 17:38:50 +0400
Subject: Re: Centos on FreeBSD
To: Frank Leonhardt
Cc: "freebsd-questions@freebsd.org"

You may run CentOS (or any other Linux system) on FreeBSD with bhyve
(http://bhyve.org/) and also do the management with vm-bhyve
(https://github.com/churchers/vm-bhyve) which also has templates for CentOS
(https://github.com/churchers/vm-bhyve/blob/master/sample-templates/centos7.conf)
or any other management wrapper.

--
antranigv
https://antranigv.am/ | PGP Key ID : 0xDAB81456
/* do one thing and do it well */

On Mon, Nov 13, 2017 at 5:33 PM, Frank Leonhardt wrote:

> What's the best way to run Centos/Red Hat 7 64 bit on FreeBSD? I've got it
> running fairly happily on Xen, but I get the feeling it's not quite right.
> It takes a very long time to boot, for example.
>
> I did think of running CentOS as Dom0 and BSD as DomU, but there must be a
> better way.
> > Before I delve into why CentOS takes ten minutes to boot (no clue on > screen, of course), is there a better hypervisor? I would prefer not to run > X. Talking to CentOS on VNC suits me very well. > > Thanks, Frank. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > From owner-freebsd-questions@freebsd.org Mon Nov 13 13:48:06 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D495DDBADE7 for ; Mon, 13 Nov 2017 13:48:06 +0000 (UTC) (envelope-from antranig@vartanian.am) Received: from mail-it0-x244.google.com (mail-it0-x244.google.com [IPv6:2607:f8b0:4001:c0b::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 974016EDB6 for ; Mon, 13 Nov 2017 13:48:06 +0000 (UTC) (envelope-from antranig@vartanian.am) Received: by mail-it0-x244.google.com with SMTP id b5so3097235itc.3 for ; Mon, 13 Nov 2017 05:48:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vartanian-am.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EUOy3nm4QYGbz/tOB0rKs55IJIEn7pncxaXzo7MpYHY=; b=m4/rsn3rwlZJAIIafe2TjbYFFUTJI2kyqo1kr/Kp0Yc+qToY6Xc5xvjaLsDVoQ6KlD 8p+UPlJ50lwO8TxSaCTOfChfY5EMp8T1L386sVv7lLtOLBclMgMUVQFmkqE9E7kIm6VM fIPyefByk+aJvRfoqrqA5bl0uQIvoWGoOhdIz4orpvBzwsD0KG4ZrcwGtedApASfMzhK CvL13sdgC9R/NZxOhwUQTWTWLq1GZreZwWND1/DLoKIR6bb6Zbm9Blyjy7A9gAEHqGMy IW5Sb0cwJxenffYmEl15t1yInizlnCYLBpdEy/SC03hcg0E2qj9R+Sb7FPdgWtkh7akz nIwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; 
From: Antranig Vartanian
Date: Mon, 13 Nov 2017 17:48:05 +0400
Subject: Re: Centos on FreeBSD
To: igorr@pochta-mx.canmos.ru
Cc: Frank Leonhardt, "freebsd-questions@freebsd.org"
References: <4BCA6431-EF9F-41A6-A724-2E045C3A0270@fjl.co.uk>

I didn't know about QEMU on FreeBSD. how is it compared to bhyve? how's the support?

--
antranigv
https://antranigv.am/ | PGP Key ID : 0xDAB81456
/* do one thing and do it well */

On Nov 13, 2017 5:46 PM, "Igor V. Ruzanov" wrote:

> Or it could even be QEMU with accelerator module kqemu.ko
>
> |you may run CentOS (or any other Linux system) on FreeBSD with bhyve (
> |http://bhyve.org/) and also do the management with vm-bhyve (
> |https://github.com/churchers/vm-bhyve) which also has templates for CentOS (
> |https://github.com/churchers/vm-bhyve/blob/master/sample-templates/centos7.conf)
> |or any other management wrapper.
> |
> |--
> |antranigv
> |
> |https://antranigv.am/ | PGP Key ID : 0xDAB81456
> |/* do one thing and do it well */
> |
> |
> |On Mon, Nov 13, 2017 at 5:33 PM, Frank Leonhardt
> |wrote:
> |
> |> What's the best way to run Centos/Red Hat 7 64 bit on FreeBSD? I've got it
> |> running fairly happily on Xen, but I get the feeling it's not quite right.
> |> It takes a very long time to boot, for example.
> |>
> |> I did think of running CentOS as Dom0 and BSD as DomU, but there must be a
> |> better way.
> |>
> |> Before I delve into why CentOS takes ten minutes to boot (no clue on
> |> screen, of course), is there a better hypervisor? I would prefer not to run
> |> X. Talking to CentOS on VNC suits me very well.
> |>
> |> Thanks, Frank.

From owner-freebsd-questions@freebsd.org Mon Nov 13 13:49:51 2017
From: "Igor V. Ruzanov"
Date: Mon, 13 Nov 2017 16:49:41 +0300 (MSK)
Subject: Re: Centos on FreeBSD
To: Antranig Vartanian
Cc: Frank Leonhardt, "freebsd-questions@freebsd.org"
References: <4BCA6431-EF9F-41A6-A724-2E045C3A0270@fjl.co.uk>

bhyve is just FreeBSD's native hypervisor

|I didn't know about QEMU on FreeBSD. how is it compared to bhyve? how's the support?
|
|--
|antranigv
|https://antranigv.am/ | PGP Key ID : 0xDAB81456
|/* do one thing and do it well */
|
|On Nov 13, 2017 5:46 PM, "Igor V. Ruzanov" wrote:
| Or it could even be QEMU with accelerator module kqemu.ko
|
| |you may run CentOS (or any other Linux system) on FreeBSD with bhyve (
| |http://bhyve.org/) and also do the management with vm-bhyve (
| |https://github.com/churchers/vm-bhyve) which also has templates for CentOS (
| |https://github.com/churchers/vm-bhyve/blob/master/sample-templates/centos7.conf)
| |or any other management wrapper.
| |
| |--
| |antranigv
| |
| |https://antranigv.am/ | PGP Key ID : 0xDAB81456
| |/* do one thing and do it well */
| |
| |
| |On Mon, Nov 13, 2017 at 5:33 PM, Frank Leonhardt
| |wrote:
| |
| |> What's the best way to run Centos/Red Hat 7 64 bit on FreeBSD? I've got it
| |> running fairly happily on Xen, but I get the feeling it's not quite right.
| |> It takes a very long time to boot, for example.
| |>
| |> I did think of running CentOS as Dom0 and BSD as DomU, but there must be a
| |> better way.
| |>
| |> Before I delve into why CentOS takes ten minutes to boot (no clue on
| |> screen, of course), is there a better hypervisor? I would prefer not to run
| |> X. Talking to CentOS on VNC suits me very well.
| |>
| |> Thanks, Frank.

From owner-freebsd-questions@freebsd.org Mon Nov 13 13:51:40 2017
From: "Igor V. Ruzanov"
Date: Mon, 13 Nov 2017 16:46:24 +0300 (MSK)
Subject: Re: Centos on FreeBSD
To: Antranig Vartanian
Cc: Frank Leonhardt, "freebsd-questions@freebsd.org"
References: <4BCA6431-EF9F-41A6-A724-2E045C3A0270@fjl.co.uk>

Or it could even be QEMU with accelerator module kqemu.ko

|you may run CentOS (or any other Linux system) on FreeBSD with bhyve (
|http://bhyve.org/) and also do the management with vm-bhyve (
|https://github.com/churchers/vm-bhyve) which also has templates for CentOS (
|https://github.com/churchers/vm-bhyve/blob/master/sample-templates/centos7.conf)
|or any other management wrapper.
|
|--
|antranigv
|
|https://antranigv.am/ | PGP Key ID : 0xDAB81456
|/* do one thing and do it well */
|
|
|On Mon, Nov 13, 2017 at 5:33 PM, Frank Leonhardt
|wrote:
|
|> What's the best way to run Centos/Red Hat 7 64 bit on FreeBSD? I've got it
|> running fairly happily on Xen, but I get the feeling it's not quite right.
|> It takes a very long time to boot, for example.
|>
|> I did think of running CentOS as Dom0 and BSD as DomU, but there must be a
|> better way.
|>
|> Before I delve into why CentOS takes ten minutes to boot (no clue on
|> screen, of course), is there a better hypervisor? I would prefer not to run
|> X. Talking to CentOS on VNC suits me very well.
|>
|> Thanks, Frank.

From owner-freebsd-questions@freebsd.org Mon Nov 13 14:10:06 2017
From: "James B. Byrne"
Date: Mon, 13 Nov 2017 09:09:52 -0500
Subject: Re: Regex character and collation class documentation
To: mfv@bway.net
Cc: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
In-Reply-To: <20171111104543.11279fb7@gecko4>

On Sat, November 11, 2017 10:45, mfv wrote:

> As a result I did some more digging and discovered that the valid
> names for [[..]] are contained in /usr/src/lib/libc/regex/cname.h.
> The names in "man ascii" are a subset of cname.h.
>
> It also explains why [[.SP.]] generates an error message. Even though
> SP is listed in "man ascii" it is not specified in cname.h.
>
> Cheers ...
>
> Marek
>

A file named cname.h does not even exist on my system. At least if it does then find does not report it.

On the other hand, this file:

/usr/local/include/nstring.h

contains this:

/* The standard C library routines isdigit(), for some weird
   historical reason, does not take a character (type 'char') as its
   argument. Instead it takes an integer. When the integer is a whole
   number, it represents a character in the obvious way using the local
   character set encoding. When the integer is negative, the results
   are undefined.

   Passing a character to isdigit(), which expects an integer, results in
   isdigit() sometimes getting a negative number.

   On some systems, when the integer is negative, it represents exactly
   the character you want it to anyway (e.g. -1 is the character that is
   encoded 0xFF). But on others, it does not.

   (The same is true of other routines like isdigit()).

   Therefore, we have the substitutes for isdigit() etc. that take an
   actual character (type 'char') as an argument.
*/

#define ISALNUM(C) (isalnum((unsigned char)(C)))
#define ISALPHA(C) (isalpha((unsigned char)(C)))
#define ISCNTRL(C) (iscntrl((unsigned char)(C)))
#define ISDIGIT(C) (isdigit((unsigned char)(C)))
#define ISGRAPH(C) (isgraph((unsigned char)(C)))
#define ISLOWER(C) (islower((unsigned char)(C)))
#define ISPRINT(C) (isprint((unsigned char)(C)))
#define ISPUNCT(C) (ispunct((unsigned char)(C)))
#define ISSPACE(C) (isspace((unsigned char)(C)))
#define ISUPPER(C) (isupper((unsigned char)(C)))
#define ISXDIGIT(C) (isxdigit((unsigned char)(C)))
#define TOUPPER(C) ((char)toupper((unsigned char)(C)))

But nowhere can I find 'isnul' or 'ISNUL'.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne          mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited    http://www.harte-lyne.ca
9 Brockley Drive        vox: +1 905 561 1241
Hamilton, Ontario       fax: +1 905 561 0757
Canada L8E 3C3

From owner-freebsd-questions@freebsd.org Mon Nov 13 14:17:24 2017
2ifF3B9Ol257mopHe4HOp08ydtn2W3V+9yat2psvHDtdzCRvZJ7wbHdQkYkxnaXLcNg3 HoEnvLHFlEtdQMDIMxrXztPgGoN8JJiinfgWCKpAwr/A0Mz97w8XoErpbRg9A2rv5RaO pvqSrd46QnbXochyJbZtZroCeLmbJfNbHXmMyS9NrZJqVfKMM7kRTn9AAnQOZ3XAJAWH HKtQ== X-Gm-Message-State: AJaThX6K6ID7+8gTgsFIALL1NHmQsaqIBHvTzN4IBZKOR5N6x4ahRZ/Y i27xKNfbB5aj3LGUox1CkhURdc0kBgLF3a1Ugks= X-Google-Smtp-Source: AGs4zMathU9npBKFD7LDWu1QjPxfwyk9+7HFhEQkaeF+7bC3WPAcqZgiLX6MhJjQ1qPv0aLNShJc3JvJCFsYMGWmIXg= X-Received: by 10.223.154.202 with SMTP id a68mr7084966wrc.8.1510582641090; Mon, 13 Nov 2017 06:17:21 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.125.8 with HTTP; Mon, 13 Nov 2017 06:17:20 -0800 (PST) In-Reply-To: <20171111213759.I72828@sola.nimnet.asn.au> References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> <20171107162914.G9710@sola.nimnet.asn.au> <20171108012948.A9710@sola.nimnet.asn.au> <20171111213759.I72828@sola.nimnet.asn.au> From: Cos Chan Date: Mon, 13 Nov 2017 15:17:20 +0100 Message-ID: Subject: Re: How to setup IPFW working with blacklistd To: Ian Smith Cc: freebsd-questions , Michael Ross , Kurt Lidl Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 14:17:24 -0000 On Sat, Nov 11, 2017 at 1:42 PM, Ian Smith wrote: > On Thu, 9 Nov 2017 14:25:52 +0100, Cos Chan wrote: > > > Dear All > > > > Thanks Ian's great help, I have solved problem to post banned entries > from > > blacklistd to ipfw. > > Well, we're some of the way there :) We really need Kurt Lidl's eyes on > this to make real progress, and indications are that my and your emails > cc'ing him were still being deferred for some reason - maybe he's away? 
> > > The original message was received at Tue, 7 Nov 2017 10:12:05 -0500 (EST) > > from mx2.freebsd.org [8.8.178.116] > > > > ----- Transcript of session follows ----- > > ... Deferred: Operation timed out with hydra.pix.net. > > Warning: message still undelivered after 4 hours > > Will keep trying until message is 1 week, 3 days old > > > > To my knowledge the problem is: > > > > I setup sshd+blacklistd without ipfw at first. Then I got problem the > entry > > was never reached nfail number (is it a bug?). > > The first issue was because of a severe deficiency in blacklistd-helper, > in that it doesn't actually check that the chosen firewall is running, > and it then fails to detect commands for that firewall that do not (can > not) succeed as any sort of error! More about that below. > > The second, however, was mainly that you missed that nfail set to '*' > means that the host is NOT to be blocked, no matter how many auth or > other failures that (in this case) sshd reports. > > That also answers another question you had .. "nnn/-1" indicates that > nfail=* ie never to be blocked. These still get accumulated in the > database, but are not applied as ipfw block rule table entries. > > > > so I have to change the nfail to * to get the entry into banned list. > > In combination with other factors - like whether ipfw was running at the > time - that got blacklistd to record reported failures to its database, > but not to execute the 'add' commands to blacklistd-helper, so that > address was not in fact blocked, and subsequent attempts kept trying. > > > But while I setup ipfw, the nfail=* would not activate > blacklistd-helper so > > no entry in blacklist banned list were added to ipfw. > > Yes, nfail=* means NEVER block these failed addreses. blacklistd.conf(5) > > > I have modify the blacklistd nfail to 2, sshd MaxAuthTries to 3. The > > blacklist entries working fine. > > With ipfw running, yes :) But it should have failed - noisily - sooner. 
> > When ipfw is running, issuing this will show you the addresses blocked: > > # ipfw table port22 list > until now it seems working on list updating. but I am not sure if it is really working fine. here is one strange record: $ sudo blacklistctl dump -b | grep 1662 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04 This IP was blocked in ipfw from last week. while I checked it last week Friday it was 800+/1 in blacklist and until today it become 1662. To my knowledge the ipfw should block the connection, the times of banned IP should be not increased? I could see more entries with more than 3/1, for example: 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07 These records I am not sure if they were not increased after added to ipfw list. but the 1662 times one, I am sure it was increased after ipfw had the ip in list. > > BUT I found another problem. > > > > The output of blacklist dump is strange: > > > > $ sudo blacklistctl dump > > address/ma:port id nfail last access > > 96.227.104.132/32:22 0/2 1970/01/01 01:00:00 > > 89.245.78.187/32:22 0/2 1970/01/01 01:00:00 > > 116.193.162.203/32:22 1/2 2017/11/09 11:48:05 > > > > Since the blacklistd accepts instruction from sshd. how could be 0/2 > > entries presented there? I am sure my successful logins were not added > to > > blacklistd. > > 1970/01/01 01:00:00 is just the UNIX '0' timestamp, in this case plus > one hour (your TZ offset). It here means 'no previous entry'. 
Not sure > about that 0/2, but there are several different codes returned by sshd > including success, failed auth and 'abusive behaviour' .. I'm not sure > which ones your reports (including in off-list mail) indicate. > > As for the mysterious 'n-1' behaviour you mentioned offlist for nfail, > in /usr/src/contrib/blacklist/bin/blacklistd.c there's this: > > switch (bi->bi_type) { > case BL_ABUSE: > /* > * If the application has signaled abusive behavior, > * set the number of fails to be one less than the > * configured limit. Fallthrough to the normal BL_ADD > * processing, which will increment the failure count > * to the threshhold, and block the abusive address. > */ > if (c.c_nfail != -1) > dbi.count = c.c_nfail - 1; > /*FALLTHROUGH*/ > case BL_ADD: > dbi.count++; > dbi.last = ts.tv_sec; > if (dbi.id[0]) { > /* > * We should not be getting this since the rule > * should have blocked the address. A possible > * explanation is that someone removed that rule, > * and another would be that we got another attempt > * before we added the rule. In anycase, we remove > * and re-add the rule because we don't want to add > * it twice, because then we'd lose track of it. > */ > (*lfun)(LOG_DEBUG, "rule exists %s", dbi.id); > (void)run_change("rem", &c, dbi.id, 0); > dbi.id[0] = '\0'; > } > if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { > int res = run_change("add", &c, dbi.id, sizeof( > dbi.id)); > if (res == -1) > goto out; > sockaddr_snprintf(rbuf, sizeof(rbuf), "%a", > (void *)&rss); > (*lfun)(LOG_INFO, > "blocked %s/%d:%d for %d seconds", > rbuf, c.c_lmask, c.c_port, c.c_duration); > > } > break; > > But if the 'add' command via blacklistd-helper fails, it will never add > the 1 .. I'm not certain about this, but it could explain what you see, > although I can't discern whether sshd is reporting BL_ADD or BL_ABUSE. > > You might instead try MaxAuthTries 4 .. 
sshd_config(5) says: > > MaxAuthTries > Specifies the maximum number of authentication attempts > permitted > per connection. Once the number of failures reaches half this > value, additional failures are logged. The default is 6. > > Half of 3 as an integer is only 1, but half of 4 is 2. See if it helps? > I didnt change the MaxAuthTries, since I found something interesting from the different logs concerning that issue: >From blacklistctl dump: $ sudo blacklistctl dump address/ma:port id nfail last access 78.203.146.34/32:22 0/1 1970/01/01 01:00:00 195.225.116.21/32:22 0/1 1970/01/01 01:00:00 123.31.26.123/32:22 0/1 1970/01/01 01:00:00 112.148.101.13/32:22 0/1 1970/01/01 01:00:00 93.23.6.18/32:22 0/1 1970/01/01 01:00:00 5.102.197.124/32:22 0/1 1970/01/01 01:00:00 193.154.127.32/32:22 0/1 1970/01/01 01:00:00 113.232.216.41/32:22 0/1 1970/01/01 01:00:00 >From sshd log: Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32 Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32 Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi [preauth] Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi [preauth] ... 
Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123 Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user support [preauth] Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123 Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user admin [preauth] Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123 Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user admin [preauth] Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123 Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user ubnt [preauth] Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from 123.31.26.123 Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user PlcmSpIp [preauth] Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123 Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user admin [preauth] Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail [preauth] I see 2 problems: Problem 1: The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it tried only 2 times. 
But in my opinion it should be recorded to blacklistd as 2/1 instead of 0/1. Problem 2: The IP 123.31.26.123 was trying to use different user name to login more than 3 times. it was also recorded in blacklistd as 0/1. In my opinion the above 2 all should be banned by blacklistd. > > > I am trying to find out the reason from log but I dont know how to see > > blacklistd log. man page said that is to syslogd but what the facility > it > > is? or some other ways to get out log? > > Not sure of the facility but when using the -v switch, as you have been, > logging goes to stderr instead of syslog. Without -v you should see it > logging to /var/log/messages. If not, try adding to /etc/syslog.conf: > > !blacklistd > *.* /var/log/myblacklistd.log > > then '# touch /var/log/myblacklistd.log && service syslogd restart' > Unfortunately I started the logging later than Nov 11 03:50:57, so I didnt get the log of "0/1" records yet. > > Ok, problems with blacklistd-helper; the first bit verbatim, tabs lost: > > #!/bin/sh > #echo "run $@" 1>&2 > #set -x > # $1 command > # $2 rulename > # $3 protocol > # $4 address > # $5 mask > # $6 port > # $7 id > > pf= > if [ -f "/etc/ipfw-blacklist.rc" ]; then > pf="ipfw" > . /etc/ipfw-blacklist.rc > ipfw_offset=${ipfw_offset:-2000} > fi > > if [ -z "$pf" ]; then > for f in npf pf ipf; do > if [ -f "/etc/$f.conf" ]; then > pf="$f" > break > fi > done > fi > > if [ -z "$pf" ]; then > echo "$0: Unsupported packet filter" 1>&2 > exit 1 > fi > > Earlier you said you'd run it without /etc/ipfw-blacklist.rc existing. > In that case - UNLESS you had either /etc/pf.conf or /etc/ipf.conf lying > around from before? it should have failed with 'exit 1' .. though it's > not clear from browsing the code that even that would cause it to quit. > No, there are not /etc/pf.conf and /etc/ipf.conf. > > So once /etc/ipfw-blacklist.rc exists, that's a flag indicating you > intend using ipfw, however there's NO check that ipfw is running .. 
> > Then - ignoring the pf) and ipf) sections - though I suspect they'd have > the same issue unless really running - here's the ipfw add bit, no tabs: > > add) > case "$pf" in > [..] > ipfw) > # use $ipfw_offset+$port for rule number > rule=$(($ipfw_offset + $6)) > tname="port$6" > /sbin/ipfw table $tname create type addr 2>/dev/null > > Unless ipfw is running, enabled, that will fail - silently. > > /sbin/ipfw -q table $tname add "$addr/$mask" > > Ditto, perhaps with a message to stderr - that's simply ignored. > > # if rule number $rule does not already exist, create it > /sbin/ipfw show $rule >/dev/null 2>&1 || \ > /sbin/ipfw add $rule drop $3 from \ > table"("$tname")" to any dst-port $6 >/dev/null && > \ > echo OK > ;; > > When both of these ipfw commands also fail, it'll only fail to echo OK. > > Not that failing to echo OK seems to matter to the calling code, but > the OK is kept as 'id' which is passed to the rem)ove code, but is > unused except by the npf firewall .. 'netbsd packet filter' I guess. > > I can certainly suggest patches for at least the ipfw sections - and > really, if the introductory code checks ipfw is working that should be > enough - but I'm unsure whether 'exit 1' after an error message is all > that's needed to get blacklistd to whinge loudly and refuse to continue? > > This should be turned into a PR via bugzilla, but since I'm not running > 11.x here, I can only really contribute if you do so and add me as a cc. > Sorry I dont know how to describe the problem in bugzilla since I dont really understand what you said. I have to learn more about the script :) > > Please try to avoid top-posting on replies, thanks. Sure, I will. 
>
> cheers, Ian
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Mon Nov 13 14:36:28 2017
Date: Mon, 13 Nov 2017 09:36:23 -0500
Subject: Freebsd-update confusing warning message
From: "James B. Byrne"
To: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca

What is this telling me?

# freebsd-update fetch
. . .

No updates needed to update system to 11.0-RELEASE-p14.

WARNING: FreeBSD 11.0-RELEASE-p12 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Tue Oct 31 19:59:59 EDT 2017
will not have been corrected.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne            mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited      http://www.harte-lyne.ca
9 Brockley Drive          vox: +1 905 561 1241
Hamilton, Ontario         fax: +1 905 561 0757
Canada L8E 3C3

From owner-freebsd-questions@freebsd.org Mon Nov 13 14:41:44 2017
Subject: Re: Freebsd-update confusing warning message
To: freebsd-questions@freebsd.org
From: Matthew Seaman
Date: Mon, 13 Nov 2017 14:41:35 +0000

On 13/11/2017 14:36, James B. Byrne via freebsd-questions wrote:
> What is this telling me?
>
> # freebsd-update fetch
> . . .
>
> No updates needed to update system to 11.0-RELEASE-p14.
>
> WARNING: FreeBSD 11.0-RELEASE-p12 HAS PASSED ITS END-OF-LIFE DATE.
> Any security issues discovered after Tue Oct 31 19:59:59 EDT 2017
> will not have been corrected.
>

It's telling you to update to 11.1-RELEASE.

If you think that surely you "only just went to 11.0 and it can't be
EoL already?"
then read this:

https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html

Cheers,

Matthew

From owner-freebsd-questions@freebsd.org Mon Nov 13 14:50:06 2017
Date: Mon, 13 Nov 2017 07:24:58 -0700
From: The Doctor
To: "Igor V. Ruzanov"
Cc: Antranig Vartanian, "freebsd-questions@freebsd.org", Frank Leonhardt
Subject: Re: Centos on FreeBSD
Message-ID: <20171113142458.GA48528@doctor.nl2k.ab.ca>
References: <4BCA6431-EF9F-41A6-A724-2E045C3A0270@fjl.co.uk>

Are you running Centos in UEFI mode or non-UEFI mode?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Look at Psalms 14 and 53 on Atheism
Lest we Forget 2017

From owner-freebsd-questions@freebsd.org Mon Nov 13 16:14:13 2017
To: FreeBSD-Questions
From: Arthur Chance
Subject: TERES I laptop and FreeBSD?
Date: Mon, 13 Nov 2017 16:14:02 +0000

Has anyone tried getting FreeBSD to run on this Open Source laptop?

https://www.olimex.com/Products/DIY-Laptop/KITS/TERES-A64-WHITE/open-source-hardware

It looks like it could be useful to take on holiday for mail, light
browsing and VPNing back to your home systems, and it's cheap enough not
to be a great loss if stolen/smashed.

--
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

From owner-freebsd-questions@freebsd.org Mon Nov 13 16:18:03 2017
From: Andrea Venturoli
Subject: OpenSSL CVE-2017-3736
To: freebsd-questions@freebsd.org
Date: Mon, 13 Nov 2017 17:17:42 +0100

Hello.

A little bit out of curiosity and a little bit to plan my work...

I thought any version of FreeBSD would be affected by this
vulnerability, but heard nothing on the list.
Am I wrong? Are we safe?
Is a SA coming?
I see devel/openssl was upgraded to 1.0.2m. Are we expected to go the
port way?

bye & Thanks
av.

From owner-freebsd-questions@freebsd.org Mon Nov 13 17:38:02 2017
Reply-To: lidl@FreeBSD.org
Subject: Re: How to setup IPFW working with blacklistd
To: Cos Chan, Ian Smith
Cc: freebsd-questions, Michael Ross
References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> <20171107162914.G9710@sola.nimnet.asn.au> <20171108012948.A9710@sola.nimnet.asn.au> <20171111213759.I72828@sola.nimnet.asn.au>
From: Kurt Lidl
Message-ID: <7961d19a-bc0c-6dc4-771e-f702ce741144@FreeBSD.org>
Date: Mon, 13 Nov 2017 12:37:46 -0500

Greetings all!

Sorry for not being responsive to your request for help sooner.
I had a bit of a hardware crisis here last week, where what I
thought was merely a blown power supply turned out to be a failed
motherboard.  Getting the 2.5" SAS drives back up and running in
a different machine took far longer than I would have guessed.

That, along with a secondary MX host that was offline for the
first 36 hours after the main mail server went down was a cause
for additional excitement.

Anyway.

I've read through the mail exchange, although it's a bit hard
to follow all of it.

I'll offer a couple of observations about blacklistd and how it
operates, and maybe that will shed some light on the problem
at hand.  If not, well, I'd like to start fresh with the current
configuration, and what you're seeing on your host.

Observations that might help:

1) The blacklistd support in 11.0 was broken in a couple of
   significant ways.  The blacklistd support in 11.1 is thought
   to be fully functional.  If you're not running 11.1, you will
   need to update to 11.1.

2) I only use blacklistd with 'pf' in my day-to-day usage.  I
   extended the support in blacklistd-helper to hopefully handle
   both ipfw and ipf, and it seemed to work OK for my test setup.
   HOWEVER, it is entirely possible that the way I did the ipf/ipfw
   support has a flaw (or more) in it.

3) The changes to the various daemons to support the blacklist
   just enable sending messages (and a copy of the fd of socket)
   to the blacklist daemon.
   The blacklist daemon will extract
   information from the kernel about the socket's other end (ie,
   the information about the remote system), and stores that
   information in a database.

4) After the information is stored in the database, the blacklist
   daemon calls the blacklistd-helper script and that script is
   responsible for modifying the firewall rules that are in effect.
   If the script has a bug, it's entirely possible that the
   information in the database will be out of sync with the current
   firewall rules in effect.

5) If you're experiencing a situation where the number of login
   attempts is greater than the cutoff for the service (e.g., the
   "1662/1" noted in the email thread), that means that whatever
   firewall rule that is supposed to be blocking the service isn't
   blocking the traffic.  (See next item for a case where the right
   rules are in the filter, but you still get a "modest" overage of
   attempts vs the cutoff.)

6) On a slow-ish single-CPU host (like the sparc64 that I use as my
   gateway), it's possible to get more attempts than the cutoff for
   a persistent, high-speed attacker.  Basically, it takes so long
   before the system context switches to the blacklist daemon, and
   the entry gets added to the pf table.  Where "so long" is still
   less than a second, but the machine has already seen 10 or 12
   attempts!

   For example, here's a partial list of what my gateway is
   reporting right now:

root@gatekeeper-130: blacklistctl dump -a
address/ma:port         id      nfail   last access
[...]
61.126.187.219/32:22    OK      3/3     2017/11/12 17:31:40
156.212.51.78/32:22     OK      23/3    2017/11/12 19:09:38
179.53.156.109/32:22    OK      3/3     2017/11/12 19:58:57
220.174.236.220/32:22           2/3     2017/11/12 23:39:58
198.245.63.120/32:22    OK      3/3     2017/11/13 10:36:15

   You can see a couple of "normally blocked" attempts (3/3), a
   single IP address that has 2 of 3 attempts, and a very, very
   persistent/fast host that got in 23 attempts before it got
   blocked.

7) There was a note about different usernames from the same remote
   host.
   The blacklist support currently does not differentiate between
   usernames.  It is just counting the number of attempts from a
   remote IP address.  There's unfinished support for having a
   "known bad" set of usernames, where a single login attempt for
   that username will block the remote address.  This will allow
   (when finished), easy blocking of the twenty or so most common
   usernames that are probed.

Hopefully this will help.

-Kurt

On 11/13/17 9:17 AM, Cos Chan wrote:
>
>
> On Sat, Nov 11, 2017 at 1:42 PM, Ian Smith wrote:
>
>     On Thu, 9 Nov 2017 14:25:52 +0100, Cos Chan wrote:
>
>      > Dear All
>      >
>      > Thanks Ian's great help, I have solved problem to post banned entries from
>      > blacklistd to ipfw.
>
>     Well, we're some of the way there :)  We really need Kurt Lidl's eyes on
>     this to make real progress, and indications are that my and your emails
>     cc'ing him were still being deferred for some reason - maybe he's away?
>
>      > The original message was received at Tue, 7 Nov 2017 10:12:05 -0500 (EST)
>      > from mx2.freebsd.org [8.8.178.116]
>      >
>      >    ----- Transcript of session follows -----
>      > ... Deferred: Operation timed out with hydra.pix.net.
>      > Warning: message still undelivered after 4 hours
>      > Will keep trying until message is 1 week, 3 days old
>
>      > To my knowledge the problem is:
>      >
>      > I setup sshd+blacklistd without ipfw at first. Then I got problem the entry
>      > was never reached nfail number (is it a bug?).
>
>     The first issue was because of a severe deficiency in blacklistd-helper,
>     in that it doesn't actually check that the chosen firewall is running,
>     and it then fails to detect commands for that firewall that do not (can
>     not) succeed as any sort of error!  More about that below.
>
>     The second, however, was mainly that you missed that nfail set to '*'
>     means that the host is NOT to be blocked, no matter how many auth or
>     other failures that (in this case) sshd reports.
>
>     That also answers another question you had .. "nnn/-1" indicates that
>     nfail=* ie never to be blocked.  These still get accumulated in the
>     database, but are not applied as ipfw block rule table entries.
>
>      > so I have to change the nfail to * to get the entry into banned list.
>
>     In combination with other factors - like whether ipfw was running at the
>     time - that got blacklistd to record reported failures to its database,
>     but not to execute the 'add' commands to blacklistd-helper, so that
>     address was not in fact blocked, and subsequent attempts kept trying.
>
>      > But while I setup ipfw, the nfail=* would not activate blacklistd-helper so
>      > no entry in blacklist banned list were added to ipfw.
>
>     Yes, nfail=* means NEVER block these failed addresses. blacklistd.conf(5)
>
>      > I have modify the blacklistd nfail to 2, sshd MaxAuthTries to 3. The
>      > blacklist entries working fine.
>
>     With ipfw running, yes :)  But it should have failed - noisily - sooner.
>
>     When ipfw is running, issuing this will show you the addresses blocked:
>
>      # ipfw table port22 list
>
>
> until now it seems working on list updating. but I am not sure if it is
> really working fine.
>
> here is one strange record:
>
> $ sudo blacklistctl dump -b | grep 1662
> 193.201.224.218/32:22   OK      1662/1  2017/11/13 00:31:04
>
> This IP was blocked in ipfw from last week. while I checked it last week
> Friday it was 800+/1 in blacklist and until today it become 1662.
>
> To my knowledge the ipfw should block the connection, the times of
> banned IP should be not increased?
>
> I could see more entries with more than 3/1, for example:
>
> 89.160.221.132/32:22    OK      18/1    2017/11/13 00:01:21
> 60.125.42.119/32:22     OK      3/1     2017/11/12 16:13:53
> 166.62.35.180/32:22     OK      3/1     2017/11/10 06:36:25
> 202.162.221.51/32:22    OK      6/1     2017/11/10 00:42:14
> 168.0.114.130/32:22     OK      3/1     2017/11/10 23:40:30
> 95.145.71.165/32:22     OK      3/1     2017/11/11 07:07:07
> 123.161.206.210/32:22   OK      3/1     2017/11/12 18:14:00
> 203.146.208.208/32:22   OK      6/1     2017/11/10 10:16:21
> 149.56.223.241/32:22    OK      1/1     2017/11/12 06:09:16
> 121.169.217.98/32:22    OK      9/1     2017/11/12 21:59:57
> 211.251.237.162/32:22   OK      2/1     2017/11/13 12:08:07
> 103.99.0.116/32:22      OK      30/1    2017/11/10 14:56:07
>
> These records I am not sure if they were not increased after added to
> ipfw list. but the 1662 times one, I am sure it was increased after ipfw
> had the ip in list.
>
>
>      > BUT I found another problem.
>      >
>      > The output of blacklist dump is strange:
>      >
>      > $ sudo blacklistctl dump
>      > address/ma:port         id      nfail   last access
>      > 96.227.104.132/32:22            0/2     1970/01/01 01:00:00
>      > 89.245.78.187/32:22             0/2     1970/01/01 01:00:00
>      > 116.193.162.203/32:22           1/2     2017/11/09 11:48:05
>      >
>      > Since the blacklistd accepts instruction from sshd. how could be 0/2
>      > entries presented there? I am sure my successful logins were not added to
>      > blacklistd.
>
>     1970/01/01 01:00:00 is just the UNIX '0' timestamp, in this case plus
>     one hour (your TZ offset).  It here means 'no previous entry'.  Not sure
>     about that 0/2, but there are several different codes returned by sshd
>     including success, failed auth and 'abusive behaviour' .. I'm not sure
>     which ones your reports (including in off-list mail) indicate.
>
>     As for the mysterious 'n-1' behaviour you mentioned offlist for nfail,
>     in /usr/src/contrib/blacklist/bin/blacklistd.c there's this:
>
>         switch (bi->bi_type) {
>         case BL_ABUSE:
>                 /*
>                  * If the application has signaled abusive behavior,
>                  * set the number of fails to be one less than the
>                  * configured limit.  Fallthrough to the normal BL_ADD
>                  * processing, which will increment the failure count
>                  * to the threshhold, and block the abusive address.
>                  */
>                 if (c.c_nfail != -1)
>                         dbi.count = c.c_nfail - 1;
>                 /*FALLTHROUGH*/
>         case BL_ADD:
>                 dbi.count++;
>                 dbi.last = ts.tv_sec;
>                 if (dbi.id[0]) {
>                         /*
>                          * We should not be getting this since the rule
>                          * should have blocked the address. A possible
>                          * explanation is that someone removed that rule,
>                          * and another would be that we got another attempt
>                          * before we added the rule. In anycase, we remove
>                          * and re-add the rule because we don't want to add
>                          * it twice, because then we'd lose track of it.
>                          */
>                         (*lfun)(LOG_DEBUG, "rule exists %s", dbi.id);
>                         (void)run_change("rem", &c, dbi.id, 0);
>                         dbi.id[0] = '\0';
>                 }
>                 if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
>                         int res = run_change("add", &c, dbi.id, sizeof(dbi.id));
>                         if (res == -1)
>                                 goto out;
>                         sockaddr_snprintf(rbuf, sizeof(rbuf), "%a",
>                             (void *)&rss);
>                         (*lfun)(LOG_INFO,
>                             "blocked %s/%d:%d for %d seconds",
>                             rbuf, c.c_lmask, c.c_port, c.c_duration);
>
>                 }
>                 break;
>
>     But if the 'add' command via blacklistd-helper fails, it will never add
>     the 1 .. I'm not certain about this, but it could explain what you see,
>     although I can't discern whether sshd is reporting BL_ADD or BL_ABUSE.
>
>     You might instead try MaxAuthTries 4 .. sshd_config(5) says:
>
>          MaxAuthTries
>                  Specifies the maximum number of authentication attempts permitted
>                  per connection.  Once the number of failures reaches half this
>                  value, additional failures are logged.  The default is 6.
>
>     Half of 3 as an integer is only 1, but half of 4 is 2.  See if it helps?
>
>
> I didn't change the MaxAuthTries, since I found something interesting
> from the different logs concerning that issue:
>
> From blacklistctl dump:
>
> $ sudo blacklistctl dump
> address/ma:port         id      nfail   last access
> 78.203.146.34/32:22             0/1     1970/01/01 01:00:00
> 195.225.116.21/32:22            0/1     1970/01/01 01:00:00
> 123.31.26.123/32:22             0/1     1970/01/01 01:00:00
> 112.148.101.13/32:22            0/1     1970/01/01 01:00:00
> 93.23.6.18/32:22                0/1     1970/01/01 01:00:00
> 5.102.197.124/32:22             0/1     1970/01/01 01:00:00
> 193.154.127.32/32:22            0/1     1970/01/01 01:00:00
> 113.232.216.41/32:22            0/1     1970/01/01 01:00:00
>
> From sshd log:
>
> Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32
> Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32
> Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi [preauth]
> Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi [preauth]
> ...
> Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123
> Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user support [preauth]
> Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user admin [preauth]
> Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user admin [preauth]
> Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123
> Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user ubnt [preauth]
> Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from 123.31.26.123
> Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user PlcmSpIp [preauth]
> Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user admin [preauth]
> Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>
> I see 2 problems:
>
> Problem 1:
> The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it
> tried only 2 times.
> But in my opinion it should be recorded to blacklistd as 2/1 instead of 0/1.
>
> Problem 2:
> The IP 123.31.26.123 was trying to use different user name to login more
> than 3 times. It was also recorded in blacklistd as 0/1.
>
> In my opinion the above 2 all should be banned by blacklistd.
>
>
>      > I am trying to find out the reason from log but I don't know how to see
>      > blacklistd log. man page said that is to syslogd but what the facility it
>      > is? or some other ways to get out log?
>
>     Not sure of the facility but when using the -v switch, as you have been,
>     logging goes to stderr instead of syslog.  Without -v you should see it
>     logging to /var/log/messages.  If not, try adding to /etc/syslog.conf:
>
>     !blacklistd
>     *.*             /var/log/myblacklistd.log
>
>     then '# touch /var/log/myblacklistd.log && service syslogd restart'
>
>
> Unfortunately I started the logging later than Nov 11 03:50:57, so I
> didn't get the log of "0/1" records yet.
>
>
>     Ok, problems with blacklistd-helper; the first bit verbatim, tabs lost:
>
>     #!/bin/sh
>     #echo "run $@" 1>&2
>     #set -x
>     # $1 command
>     # $2 rulename
>     # $3 protocol
>     # $4 address
>     # $5 mask
>     # $6 port
>     # $7 id
>
>     pf=
>     if [ -f "/etc/ipfw-blacklist.rc" ]; then
>             pf="ipfw"
>             . /etc/ipfw-blacklist.rc
>             ipfw_offset=${ipfw_offset:-2000}
>     fi
>
>     if [ -z "$pf" ]; then
>             for f in npf pf ipf; do
>                     if [ -f "/etc/$f.conf" ]; then
>                             pf="$f"
>                             break
>                     fi
>             done
>     fi
>
>     if [ -z "$pf" ]; then
>             echo "$0: Unsupported packet filter" 1>&2
>             exit 1
>     fi
>
>     Earlier you said you'd run it without /etc/ipfw-blacklist.rc existing.
>     In that case - UNLESS you had either /etc/pf.conf or /etc/ipf.conf lying
>     around from before? it should have failed with 'exit 1' .. though it's
>     not clear from browsing the code that even that would cause it to quit.
> > > No, there are not /etc/pf.conf and /etc/ipf.conf. > > > So once /etc/ipfw-blacklist.rc exists, that's a flag indicating you > intend using ipfw, however there's NO check that ipfw is running .. > > Then - ignoring the pf) and ipf) sections - though I suspect they'd have > the same issue unless really running - here's the ipfw add bit, no tabs: > > add) >         case "$pf" in > [..] >         ipfw) >                 # use $ipfw_offset+$port for rule number >                 rule=$(($ipfw_offset + $6)) >                 tname="port$6" >                 /sbin/ipfw table $tname create type addr 2>/dev/null > > Unless ipfw is running, enabled, that will fail - silently. > >                 /sbin/ipfw -q table $tname add "$addr/$mask" > > Ditto, perhaps with a message to stderr - that's simply ignored. > >                 # if rule number $rule does not already exist, > create it >                 /sbin/ipfw show $rule >/dev/null 2>&1 || \ >                         /sbin/ipfw add $rule drop $3 from \ >                         table"("$tname")" to any dst-port $6 > >/dev/null && \ >                         echo OK >                 ;; > > When both of these ipfw commands also fail, it'll only fail to echo OK. > > Not that failing to echo OK seems to matter to the calling code, but > the OK is kept as 'id' which is passed to the rem)ove code, but is > unused except by the npf firewall .. 'netbsd packet filter' I guess. > > I can certainly suggest patches for at least the ipfw sections - and > really, if the introductory code checks ipfw is working that should be > enough - but I'm unsure whether 'exit 1' after an error message is all > that's needed to get blacklistd to whinge loudly and refuse to continue? > > This should be turned into a PR via bugzilla, but since I'm not running > 11.x here, I can only really contribute if you do so and add me as a cc. > > > Sorry I dont know how to describe the problem in bugzilla since I dont > really understand what you said. 
> I have to learn more about the script :) > > > Please try to avoid top-posting on replies, thanks. > > > Sure, I will. > > > cheers, Ian > > > > > -- > with kind regards From owner-freebsd-questions@freebsd.org Mon Nov 13 17:40:47 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0403DDC01EC for ; Mon, 13 Nov 2017 17:40:47 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from echo.brtsvcs.net (echo.brtsvcs.net [IPv6:2607:f740:c::4ae]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E691E7663F for ; Mon, 13 Nov 2017 17:40:46 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from chombo.houseloki.net (unknown [IPv6:2601:1c2:1400:8d31:21c:c0ff:fe7f:96ee]) by echo.brtsvcs.net (Postfix) with ESMTPS id 2C90038F89; Mon, 13 Nov 2017 09:40:46 -0800 (PST) Received: from [IPv6:2601:1c2:1400:8d31:ed5f:2adb:97f:1e30] (unknown [IPv6:2601:1c2:1400:8d31:ed5f:2adb:97f:1e30]) by chombo.houseloki.net (Postfix) with ESMTPSA id 0D74F28A; Mon, 13 Nov 2017 09:40:45 -0800 (PST) Subject: Re: OpenSSL CVE-2017-3736 To: Andrea Venturoli , freebsd-questions@freebsd.org References: From: Mel Pilgrim Message-ID: <6c8cfb16-f752-05a9-8739-808246f92e8d@bluerosetech.com> Date: Mon, 13 Nov 2017 09:40:44 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 17:40:47 -0000 On 11/13/2017 08:17, Andrea 
Venturoli wrote:
> Hello.
>
> A little bit out of curiosity and a little bit to plan my work...
>
> I thought any version of FreeBSD would be affected by this
> vulnerability, but heard nothing on the list.
>
> Am I wrong? Are we safe?
> Is a SA coming?

OpenSSL in 11.1 is 1.0.2k, so no, no, and yes (hopefully).

> I see devel/openssl was upgraded to 1.0.2m. Are we expected to go the
> port way?

That's not possible in all cases, but if you can, building with ports
openssl is a good idea. Also, you'll need to use head, because
security/openssl in 2017Q4 is still 1.0.2l.

From owner-freebsd-questions@freebsd.org Mon Nov 13 19:35:40 2017
Date: Mon, 13 Nov 2017 14:35:29 -0500
From: mfv
To: "James B. Byrne via freebsd-questions"
Cc: byrnejb@harte-lyne.ca
Subject: Re: Regex character and collation class documentation
Message-ID: <20171113143529.572a4b76@gecko4>
References: <68be33ca89aab31e068253dffe129021.squirrel@webmail.harte-lyne.ca> <20171111104543.11279fb7@gecko4>
Reply-To: mfv@bway.net

> On Mon, 2017-11-13 at 09:09 "James B. Byrne via freebsd-questions"
> wrote:
>
> On Sat, November 11, 2017 10:45, mfv wrote:
>
>> As a result I did some more digging and discovered that the valid
>> names for [[..]] are contained in /usr/src/lib/libc/regex/cname.h.
>> The names in "man ascii" are a subset of cname.h.
>>
>> It also explains why [[.SP.]] generates an error message. Even
>> though SP is listed in "man ascii" it is not specified in cname.h.
>>
>> Cheers ...
>>
>> Marek
>>
>
> A file named cname.h does not even exist on my system. At least if it
> does then find does not report it. On the other hand, this file:
>
> /usr/local/include/nstring.h
>
> contains this:
>
> /* The standard C library routines isdigit(), for some weird
>    historical reason, does not take a character (type 'char') as its
>    argument. Instead it takes an integer. When the integer is a whole
>    number, it represents a character in the obvious way using the local
>    character set encoding. When the integer is negative, the results
>    are undefined.
>
>    Passing a character to isdigit(), which expects an integer,
>    results in isdigit() sometimes getting a negative number.
>
>    On some systems, when the integer is negative, it represents exactly
>    the character you want it to anyway (e.g. -1 is the character that
>    is encoded 0xFF). But on others, it does not.
>
>    (The same is true of other routines like isdigit()).
>
>    Therefore, we have the substitutes for isdigit() etc. that take an
>    actual character (type 'char') as an argument.
> */
>
> #define ISALNUM(C) (isalnum((unsigned char)(C)))
> #define ISALPHA(C) (isalpha((unsigned char)(C)))
> #define ISCNTRL(C) (iscntrl((unsigned char)(C)))
> #define ISDIGIT(C) (isdigit((unsigned char)(C)))
> #define ISGRAPH(C) (isgraph((unsigned char)(C)))
> #define ISLOWER(C) (islower((unsigned char)(C)))
> #define ISPRINT(C) (isprint((unsigned char)(C)))
> #define ISPUNCT(C) (ispunct((unsigned char)(C)))
> #define ISSPACE(C) (isspace((unsigned char)(C)))
> #define ISUPPER(C) (isupper((unsigned char)(C)))
> #define ISXDIGIT(C) (isxdigit((unsigned char)(C)))
> #define TOUPPER(C) ((char)toupper((unsigned char)(C)))
>
> But nowhere can I find 'isnul' or 'ISNUL'.
>

Hello James,

Do you have /usr/src on your system? All the directories under
/usr/src are the source code used to build FreeBSD on one's own
computer.

If not, here is a link to the GIT repository where the source code for
/usr/src/lib/libc/regex/cname.h can be seen:

https://github.com/freebsd/freebsd/blob/master/lib/libc/regex/cname.h

All names listed on the left can be used in sed to match the character
to the right. For example, /[[.asterisk.]]{3}/ matches ***.

Some of the characters have two names. For example, the octal control
character '\007' is represented by 'BEL' as well as 'alert'.

I do not know the purpose of /usr/local/include/nstring.h. As such I
can not shed any light on that particular file.

Cheers ...
Marek

From owner-freebsd-questions@freebsd.org Mon Nov 13 19:54:58 2017
From: Eduardo Lemos de Sa
Date: Mon, 13 Nov 2017 17:54:56 -0200
Subject: Problems with network inside a VirtualBox
To: freebsd-questions@freebsd.org

Dear

Since two years or more, I have a win-xp virtualbox machine running in
FreeBSD-amd64 as host. I have two FreeBSD machines (amd-64): 10.4 (at home)
and 11.1 (at work), both running under GENERIC kernel. The problem is that
under 10.4-RELEASE, I can install and have networking operational, but I
cannot have the same under 11.1-RELEASE. Attached, I am sending a pdf file
with network config in VirtualBox,

At /boot/loader.conf:

kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
zfs_load="YES"
fuse_load="YES"
nvidia_load="YES"
vboxdrv_load="YES"
hw.ata.atapi_dma=1
kern.ipc.semmni="1250"
kern.ipc.semmns="9000"
#kern.ipc.shmmax="2863311530"
#kern.ipc.shmall="4194304"

And /etc/rc.conf

hostname="matata"
keymap="br275.iso.acc"
ifconfig_re0="inet 200.xx.xxx.xx netmask 255.255.255.0"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
linux_enable="YES"
openssh_enable="YES"
sshguard_enable="YES"
moused_enable="YES"
ntpdate_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
hald_enable="YES"
dbus_enable="YES"
apache24_enable="YES"
vboxnet_enable="YES"
vboxguest_enable="YES"
vboxservice_enable="YES"
devfs_system_ruleset="system"
# -- sysinstall generated deltas -- # Tue Feb 4 15:16:44 2014
saver="blank"
#blanktime="120"
smartd_enable="YES"
#vboxdrv_load="YES"

Please, could someone give some hints to solve this problem?

Thank you in advance

My best wishes

Eduardo

-- 
Eduardo Lemos de Sa
Full Professor
Dept. of Chemistry, Universidade Federal do Paraná
phone: +55(41)3361-3300
fax: +55(41)3361-3186

From owner-freebsd-questions@freebsd.org Mon Nov 13 19:57:54 2017
From: Eduardo Lemos de Sa
Date: Mon, 13 Nov 2017 17:57:52 -0200
Subject: Problems with Virtual-box
To: freebsd-questions@freebsd.org

Dear

Sorry, I forgot to attach the pdf file with a virtualbox network
configuration.

Thank you

My best wishes

Eduardo

-- 
Eduardo Lemos de Sa
Full Professor
Dept. of Chemistry, Universidade Federal do Paraná
phone: +55(41)3361-3300
fax: +55(41)3361-3186

From owner-freebsd-questions@freebsd.org Mon Nov 13 20:07:55 2017
Date: Mon, 13 Nov 2017 21:07:49 +0100
From: Polytropon
To: "Steve O'Hara-Smith"
Cc: freebsd-questions@freebsd.org
Subject: Re: List of OS in BSD family
Message-Id: <20171113210749.c39866b8.freebsd@edvax.de>
In-Reply-To: <20171113112729.6ac8fa7a03639a2005b90b1f@sohara.org>
References: <5A084CBA.7090204@gmail.com> <20171112145938.cb0488ab.freebsd@edvax.de> <20171112142326.GA52428@FreeBSD> <20171113112729.6ac8fa7a03639a2005b90b1f@sohara.org>
Reply-To: Polytropon
Organization: EDVAX

On Mon, 13 Nov 2017 11:27:29 +0000, Steve O'Hara-Smith wrote:
> On Mon, 13 Nov 2017 19:25:11 +1030
> Shane Ambler wrote:
>
> > You mean like OSX, which uses a merge of the Mach and BSD kernels.
> >
> > But then I thought SunOS used to be on that tree, maybe there are more
> > complete variations of that tree.
>
> I have seen a more complete unix family tree that includes all the
> commercial branches, it's a lot more complex.

Yes, such a _very_ detailed and updated (!) file exists. But keep
in mind the file in question is a "BSD family tree", not a general
"UNIX family tree", and it concentrates on Free/Net/Open/DragonflyBSD
primarily, but also includes Mac OS X (now called macOS) due to
the strong family membership. :-)

This is the current version:

https://raw.githubusercontent.com/freebsd/freebsd/master/share/misc/bsd-family-tree

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
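Added example (not part of any message in this archive, and not the FreeBSD blacklistd-helper or a patch from the thread): the blacklistd-helper review earlier in this archive notes that the ipfw add) branch never checks that ipfw is running and discards every failure. The code below performs the same steps but verifies each one and reports failure on stderr and through the return status. The function names, the overridable IPFW and SYSCTL variables, and the use of net.inet.ip.fw.enable plus "table ... info" and "table ... lookup" as checks are assumptions of this example; whether blacklistd reacts to a non-zero exit is the question the thread leaves open.

```shell
#!/bin/sh
# Added example, not the FreeBSD blacklistd-helper itself.
# IPFW and SYSCTL can be overridden (an assumption of this example, made so
# the logic can be exercised on a machine without ipfw).
IPFW=${IPFW:-/sbin/ipfw}
SYSCTL=${SYSCTL:-/sbin/sysctl}
ipfw_offset=${ipfw_offset:-2000}

warn() { echo "helper-example: $*" 1>&2; }

# Succeeds only when the ipfw module is loaded AND the firewall is enabled.
ipfw_ready() {
    fw_enable=$($SYSCTL -n net.inet.ip.fw.enable 2>/dev/null) || {
        warn "ipfw is not loaded (net.inet.ip.fw.enable is missing)"
        return 1
    }
    if [ "$fw_enable" != "1" ]; then
        warn "ipfw is loaded but net.inet.ip.fw.enable=$fw_enable"
        return 1
    fi
    return 0
}

# ipfw_block PROTO ADDR MASK PORT
# Same steps as the add) case quoted in the thread, but every step is
# verified and a failure is reported instead of being thrown away.
ipfw_block() {
    proto=$1 addr=$2 mask=$3 port=$4

    ipfw_ready || return 1

    # use $ipfw_offset+$port for the rule number, as the quoted script does
    rule=$(($ipfw_offset + $port))
    tname="port$port"

    # "create" also fails when the table already exists, so judge by the
    # result (the table is there) rather than by the exit status of create.
    $IPFW -q table "$tname" create type addr 2>/dev/null
    if ! $IPFW table "$tname" info >/dev/null 2>&1; then
        warn "cannot create or find table $tname"
        return 1
    fi

    # Same idea for the address: try to add it, then confirm with a lookup
    # (assumed to exit non-zero when the address is absent).
    $IPFW -q table "$tname" add "$addr/$mask" 2>/dev/null
    if ! $IPFW table "$tname" lookup "$addr" >/dev/null 2>&1; then
        warn "$addr/$mask is not in table $tname"
        return 1
    fi

    # Create the drop rule only if it is missing, and say so if that fails.
    if ! $IPFW show "$rule" >/dev/null 2>&1; then
        if ! $IPFW -q add "$rule" drop "$proto" from "table($tname)" \
            to any dst-port "$port"; then
            warn "cannot add rule $rule"
            return 1
        fi
    fi
    echo OK
}

# Stand-alone use: helper-example.sh add PROTO ADDR MASK PORT
if [ "${1:-}" = "add" ]; then
    ipfw_block "$2" "$3" "$4" "$5" || exit 1
fi
```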
From owner-freebsd-questions@freebsd.org Mon Nov 13 20:14:39 2017
Date: Mon, 13 Nov 2017 21:14:29 +0100
From: Polytropon
To: byrnejb@harte-lyne.ca
Cc: "James B. Byrne via freebsd-questions", mfv@bway.net
Subject: Re: Regex character and collation class documentation
Message-Id: <20171113211429.bf4f1723.freebsd@edvax.de>
References: <68be33ca89aab31e068253dffe129021.squirrel@webmail.harte-lyne.ca> <20171111104543.11279fb7@gecko4>
Reply-To: Polytropon
Organization: EDVAX

On Mon, 13 Nov 2017 09:09:52 -0500, James B. Byrne via freebsd-questions wrote:
> A file named cname.h does not even exist on my system. At least if it
> does then find does not report it.

Check the following location:

	/usr/src/lib/libc/regex/cname.h

> On the other hand, this file:
>
> /usr/local/include/nstring.h

Due to the path, this file seems to be installed by a port.
You could check which one it was.

> contains this:
>
> /* The standard C library routines isdigit(), for some weird
>    historical reason, does not take a character (type 'char') as its
>    argument. Instead it takes an integer. When the integer is a whole
>    number, it represents a character in the obvious way using the local
>    character set encoding. When the integer is negative, the results
>    are undefined.
>
>    Passing a character to isdigit(), which expects an integer,
>    results in isdigit() sometimes getting a negative number.
>
>    On some systems, when the integer is negative, it represents exactly
>    the character you want it to anyway (e.g. -1 is the character that
>    is encoded 0xFF). But on others, it does not.
>
>    (The same is true of other routines like isdigit()).
>
>    Therefore, we have the substitutes for isdigit() etc. that take an
>    actual character (type 'char') as an argument.
> */
>
> #define ISALNUM(C) (isalnum((unsigned char)(C)))
> #define ISALPHA(C) (isalpha((unsigned char)(C)))
> #define ISCNTRL(C) (iscntrl((unsigned char)(C)))
> #define ISDIGIT(C) (isdigit((unsigned char)(C)))
> #define ISGRAPH(C) (isgraph((unsigned char)(C)))
> #define ISLOWER(C) (islower((unsigned char)(C)))
> #define ISPRINT(C) (isprint((unsigned char)(C)))
> #define ISPUNCT(C) (ispunct((unsigned char)(C)))
> #define ISSPACE(C) (isspace((unsigned char)(C)))
> #define ISUPPER(C) (isupper((unsigned char)(C)))
> #define ISXDIGIT(C) (isxdigit((unsigned char)(C)))
> #define TOUPPER(C) ((char)toupper((unsigned char)(C)))
>
> But nowhere can I find 'isnul' or 'ISNUL'.

Yes, nothing in that file. The only occurrences of NUL I find
are in the character-name table in /usr/src/lib/libc/regex/cname.h:

	/* character-name table */
	static struct cname {
		char *name;
		char code;
	} cnames[] = {
		{"NUL",	'\0'},
		/* ... lots of lines omitted ... */
		{NULL,	0}
	};

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
From owner-freebsd-questions@freebsd.org Mon Nov 13 21:10:42 2017
From: Andrew W
Subject: pkgng error when installing
To: freebsd-questions@freebsd.org
Date: Mon, 13 Nov 2017 21:10:36 +0000

When installing a package I'm getting

/usr/local/lib/libpkg.so.4: Undefined symbol "utimensat"

Got this twice on two different machines with two different packages.
Immediately before both times pkgng updated itself to the latest version
so it would appear that upgrade has gone wrong somewhere.

Has anyone else experienced this?

Thanks
Andrew

From owner-freebsd-questions@freebsd.org Mon Nov 13 21:38:50 2017
Message-ID: <3d125b3a692ee99a9c0691e1efd6e0d8.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <20171113211429.bf4f1723.freebsd@edvax.de>
References: <68be33ca89aab31e068253dffe129021.squirrel@webmail.harte-lyne.ca> <20171111104543.11279fb7@gecko4> <20171113211429.bf4f1723.freebsd@edvax.de>
Date: Mon, 13 Nov 2017 16:38:45 -0500
Subject: Re: Regex character and collation class documentation
From: "James B. Byrne"
To: "Polytropon"
Cc: freebsd-questions@freebsd.org, mfv@bway.net
Reply-To: byrnejb@harte-lyne.ca

On Mon, November 13, 2017 15:14, Polytropon wrote:
>
> Check the following location:
>
> /usr/src/lib/libc/regex/cname.h
>

I do not have the source tree installed on my systems and so that
explains the absence of the header files. But from this thread I now
have sufficient information respecting this issue for my current need.

Thank you all for the assistance.

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada L8E 3C3

From owner-freebsd-questions@freebsd.org Mon Nov 13 22:03:04 2017
From: Dave
To: freebsd-questions@freebsd.org
Subject: Re: Problems with Virtual-box
Date: Mon, 13 Nov 2017 22:02:06 +0000
Message-ID: <19880211.ZzabHL5MdV@amd.asgard.uk>

On Monday 13 November 2017 17:57:52 Eduardo Lemos de Sa wrote:

> Sorry, I forgot to attach the pdf file with a virtualbox network
> configuration.

Attachments generally don't work on this list. Either paste the text
into the email or provide a link to somewhere you can make the file
accessible. Plain text will suffice, no need for a pdf file.

From owner-freebsd-questions@freebsd.org Mon Nov 13 22:30:07 2017
Date: Mon, 13 Nov 2017 22:29:58 +0000 (UTC)
From: Mitch MRC
To: Ernie Luzar
Cc: Outback Dingo, Vladimir Botka, Mitch MRC via freebsd-questions
Message-ID: <1702222199.1447540.1510612198552@mail.yahoo.com>
In-Reply-To:
<5A085E9F.7010701@gmail.com> References: <1947620261.80174.1510389431279.ref@mail.yahoo.com> <1947620261.80174.1510389431279@mail.yahoo.com> <20171111104334.7bcbb022@planb.netng.org> <20171111111143.130b5b31@planb.netng.org> <966939340.163969.1510414084521@mail.yahoo.com> <5A085E9F.7010701@gmail.com> Subject: Re: Server for web hosting and emails MIME-Version: 1.0 X-Mailer: WebService/1.1.10940 YMailNorrin Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0.1 Safari/604.3.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 22:30:07 -0000 Thanks again. Lots of things to think about.Best,Mircea On Sunday, November 12, 2017, 4:46:07 PM GMT+2, Ernie Luzar wrote: Mitch MRC via freebsd-questions wrote: > Thank you for your replies.Is it possible to make it with dynamic IP from the ISP? Or i should ask for a fixed IP? > Mircea > Just so you know about all your options. Yes it is possible to use a dynamic ip address. It's all a matter of risk. In todays market of phone companies and cable TV providers acting as ISP's the chance of then changing your assigned dynamic IP address is very low. I have had the same dynamic IP address from my TV cable ISP for 10+ years. To reduce the risk to zero you can have your fqdn registered with one of the many "dynamic DNS" service providers. You then run a daemon on your host that watches your IP address and if it changes automatically sends a update to your "dynamic DNS" service provider changing your fqdn to point to the new IP address. Down time is less than 5 minutes. But your missing the big picture problem. 
Normally ISP's sell 2 account types, home users who get a single dynamic IP address with some max bandwidth per month and the business account who gets a group of static ip addresses and have bandwidth usage groups that cost more per month as bandwidth usage increases as more hosting customers are added. As I read this thread I see you are thinking about running a home based hosting service. A very small scale environment would work but if your bandwidth exceeds the max for a home user account your ISP may stop serving your account until the next month. Or even worse they may determine that you are abusing your home account contract and terminate your service all together. This will really put a negative turn on your home hosting service and paying customers will leave you asap. There are other considerations for a 24/7 service, like UPS and or a gas powered electric generator redundancy of computers and network controllers solid state hard drives and the list goes on. If your intention is something to play with at home so you can learn about how things go together, then no problem. If this is a prelude to a for profit hosting service then you better have very deep pockets because this is going to cost a lot of up front money to do it right. Maybe you should check into the affiliate program of many existing hosting companies. For a price you get a branded hosting front end that looks & feel like a real hosting service, but in reality your just selling services for the downstream provider. Good luck. 
_______________________________________________
freebsd-questions@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

From owner-freebsd-questions@freebsd.org Mon Nov 13 22:36:07 2017
Date: Mon, 13 Nov 2017 22:36:04 +0000 (UTC)
From: Mitch MRC
To: Ernie Luzar, Mitch MRC via freebsd-questions
Cc: Outback Dingo, Vladimir Botka
Message-ID: <1805220976.1473262.1510612564500@mail.yahoo.com>
In-Reply-To: <1702222199.1447540.1510612198552@mail.yahoo.com>
Subject: Re: Server for web hosting and emails

The intention is to move from the hosting company to my own server with
3-4 domains, due to a lack of options. Basically I need the web, mails
and the possibility to use other languages and DBs than the ones
provided by the hosting servers, where any small request for new stuff,
costs.

M

On Tuesday, November 14, 2017, 12:30:20 AM GMT+2, Mitch MRC via freebsd-questions wrote:

Thanks again. Lots of things to think about.
Best,
Mircea

On Sunday, November 12, 2017, 4:46:07 PM GMT+2, Ernie Luzar <luzar722@gmail.com> wrote:

Mitch MRC via freebsd-questions wrote:
> Thank you for your replies. Is it possible to make it with dynamic IP from the ISP? Or I should ask for a fixed IP?
> Mircea
>

Just so you know about all your options.
Yes it is possible to use a dynamic ip address.
It's all a matter of risk.

In today's market of phone companies and cable TV providers acting as
ISP's the chance of them changing your assigned dynamic IP address is
very low. I have had the same dynamic IP address from my TV cable ISP
for 10+ years.

To reduce the risk to zero you can have your fqdn registered with one of
the many "dynamic DNS" service providers. You then run a daemon on your
host that watches your IP address and if it changes automatically sends
an update to your "dynamic DNS" service provider changing your fqdn to
point to the new IP address. Down time is less than 5 minutes.

But you're missing the big picture problem.

Normally ISP's sell 2 account types, home users who get a single dynamic
IP address with some max bandwidth per month and the business account
who gets a group of static ip addresses and have bandwidth usage groups
that cost more per month as bandwidth usage increases as more hosting
customers are added.

As I read this thread I see you are thinking about running a home based
hosting service. A very small scale environment would work but if your
bandwidth exceeds the max for a home user account your ISP may stop
serving your account until the next month. Or even worse they may
determine that you are abusing your home account contract and terminate
your service altogether. This will really put a negative turn on your
home hosting service and paying customers will leave you asap.

There are other considerations for a 24/7 service, like
UPS and or a gas powered electric generator
redundancy of computers and network controllers
solid state hard drives and the list goes on.

If your intention is something to play with at home so you can learn
about how things go together, then no problem. If this is a prelude to a
for profit hosting service then you better have very deep pockets
because this is going to cost a lot of up front money to do it right.

Maybe you should check into the affiliate program of many existing
hosting companies. For a price you get a branded hosting front end that
looks & feels like a real hosting service, but in reality you're just
selling services for the downstream provider.

Good luck.

From owner-freebsd-questions@freebsd.org Mon Nov 13 22:39:13 2017
In-Reply-To: <1805220976.1473262.1510612564500@mail.yahoo.com>
From: Outback Dingo
Date: Mon, 13 Nov 2017 23:38:30 +0100
Subject: Re: Server for web hosting and emails
To: Mitch MRC
Cc: Ernie Luzar, Mitch MRC via freebsd-questions, Vladimir Botka

sounds like you're probably better off with a 20$ a month virtual machine
on a public ip at a real hosting company. usually you can do whatever
you want in a vm with root access, rootbsd is a good vps provider for
FreeBSD vms

On Mon, Nov 13, 2017 at 11:36 PM, Mitch MRC wrote:
> The intention is to move from the hosting company to my own server with 3-4
> domains, due to a lack of options.
> Basically I need the web, mails and the possibility to use other languages
> and DBs than the ones provided by the hosting servers, where any small
> request for new stuff, costs.
>
> M
>
> On Tuesday, November 14, 2017, 12:30:20 AM GMT+2, Mitch MRC via
> freebsd-questions wrote:
>
>
> Thanks again. Lots of things to think about.
> Best,
> Mircea
> On Sunday, November 12, 2017, 4:46:07 PM GMT+2, Ernie Luzar
> wrote:
>
> Mitch MRC via freebsd-questions wrote:
>> Thank you for your replies. Is it possible to make it with dynamic IP from
>> the ISP? Or I should ask for a fixed IP?
>> Mircea
>>
>
> Just so you know about all your options.
> Yes it is possible to use a dynamic ip address.
> It's all a matter of risk.
>
> In today's market of phone companies and cable TV providers acting as
> ISP's the chance of them changing your assigned dynamic IP address is
> very low. I have had the same dynamic IP address from my TV cable ISP
> for 10+ years.
>
> To reduce the risk to zero you can have your fqdn registered with one of
> the many "dynamic DNS" service providers. You then run a daemon on your
> host that watches your IP address and if it changes automatically sends
> an update to your "dynamic DNS" service provider changing your fqdn to
> point to the new IP address. Down time is less than 5 minutes.
>
> But you're missing the big picture problem.
>
> Normally ISP's sell 2 account types, home users who get a single dynamic
> IP address with some max bandwidth per month and the business account
> who gets a group of static ip addresses and have bandwidth usage groups
> that cost more per month as bandwidth usage increases as more hosting
> customers are added.
>
> As I read this thread I see you are thinking about running a home based
> hosting service. A very small scale environment would work but if your
> bandwidth exceeds the max for a home user account your ISP may stop
> serving your account until the next month. Or even worse they may
> determine that you are abusing your home account contract and terminate
> your service altogether. This will really put a negative turn on your
> home hosting service and paying customers will leave you asap.
>
> There are other considerations for a 24/7 service, like
> UPS and or a gas powered electric generator
> redundancy of computers and network controllers
> solid state hard drives and the list goes on.
>
> If your intention is something to play with at home so you can learn
> about how things go together, then no problem. If this is a prelude to a
> for profit hosting service then you better have very deep pockets
> because this is going to cost a lot of up front money to do it right.
>
> Maybe you should check into the affiliate program of many existing
> hosting companies. For a price you get a branded hosting front end that
> looks & feels like a real hosting service, but in reality you're just
> selling services for the downstream provider.
>
> Good luck.

From owner-freebsd-questions@freebsd.org Tue Nov 14 02:25:38 2017
Date: Tue, 14 Nov 2017 03:25:26 +0100
From: Polytropon
To: Dave
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with Virtual-box
Message-Id: <20171114032526.74f0c5e3.freebsd@edvax.de>
In-Reply-To: <19880211.ZzabHL5MdV@amd.asgard.uk>
Reply-To: Polytropon

On Mon, 13 Nov 2017 22:02:06 +0000, Dave wrote:
> On Monday 13 November 2017 17:57:52 Eduardo Lemos de Sa wrote:
> > Sorry, I forgot to attach the pdf file with a virtualbox network
> > configuration.
>
> Attachments generally don't work on this list.

If I remember correctly, text attachments do work (text/plain),
but binary attachments won't.

> Either paste the text into the email or provide a link to somewhere
> you can make the file accessible. Plain text will suffice, no need
> for a pdf file.

I may suggest pasting the relevant text into the message directly,
so it can be archived for future reference. If the text is being
posted on an external site, it may disappear, and a future reader
of the message will probably find it less helpful, as the text
which it is about will only 404. :-)

With the pdftotext program (from the xpdf package), text can be
extracted from the PDF if there isn't any other source than the
PDF file.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

From owner-freebsd-questions@freebsd.org Tue Nov 14 08:29:26 2017
From: Carmel NY
To: FreeBSD
Subject: Updating Instructions
Date: Tue, 14 Nov 2017 08:29:23 +0000
Reply-To: FreeBSD

Out of morbid curiosity, I was just wondering why instructions for
updating a moved or discontinued port are never posted for "synth", like they
are for "portupgrade" or "portmaster" in the UPDATING file? An example would be the recent 20171112 change in the devel/oniguruma* port. --=20 Carmel From owner-freebsd-questions@freebsd.org Tue Nov 14 08:31:40 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17737D7FBAA for ; Tue, 14 Nov 2017 08:31:40 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wr0-x22a.google.com (mail-wr0-x22a.google.com [IPv6:2a00:1450:400c:c0c::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6E3AC75149; Tue, 14 Nov 2017 08:31:39 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wr0-x22a.google.com with SMTP id o88so16708275wrb.6; Tue, 14 Nov 2017 00:31:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=K/2JXUtFF80qGrttxqHsHd6LziuFSQdAOYv736hqLK4=; b=PfPeQeM8IbS7PhP2nv6H+wlCdwsv7oNI29KYoHigUXPwouT5+SzcqUIUtWf4lh3AN/ NflrrMUyp88BLg9/DaOmbQkqLeaO7jXyIFjEb4f0PJaUDGU0ELC/zCO3bTsrSsJviXLD 07HUbnYvk4O8u6a0ByirSntthQy1lYbklf7U2K/we2pOK6crvS0dpL1alqIw63al/MA7 eQ2E3cVTNdSv8qGab9u1ouI8xLgv+ZDa5xL0JQaKH3bMwEPcapxTklTK6t8yXTZySNKc Z9u025witGDZM0SunmNtyqHEnNFVfyqVT/plIUF0mkI65xqrL558ZYP69NGVazIf+6fW ZkAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=K/2JXUtFF80qGrttxqHsHd6LziuFSQdAOYv736hqLK4=; b=oKrPRb2CV7+iouub1WCamWLxzntbFziNJ4EajASBU37Myh8ZrKptajpmk9wmnzleV2 y5D1LGmjkZmxBT1gLyR85XLUYakmmi1VoBcbO8i35k8Rvs0Hnus+alWm5UbdwaPYXbaC w2AHOpn0bofD7GtsL67OvxrQI5dWkYZsga5i1E4P3PxlxG/K93wnmkEaF5jPUafHulNx 
VSLPRqqnOajRwweUd8sKQH0cquOKE3zKP8lOi3HWTbP2hhwHSVOTi4DTKiPEQKnOsRC7 iuPPi2jBl7Znt/82zCHSWejiN/FwV5o48UTLyuS0z19ypNjcnBMlob7hznhYIz3FqJoc L/5g== X-Gm-Message-State: AJaThX5nl52kVv82kjonz487VlaxOR5GvdHJk4TbLH5tlJs77/f9iRfn /jVh2cjMtHexOmapXCWsclk3WYSniIL/dmKOhIzywm0l X-Google-Smtp-Source: AGs4zMZjoz8rjOu+uedoIkPV9wQ+yvDoDB07aJyjDIAK4KTK8PlZrnBjUG5sF8Zx79llahWnam0H5RJAGMiGYKO3Ysw= X-Received: by 10.223.132.129 with SMTP id 1mr8769930wrg.136.1510648297048; Tue, 14 Nov 2017 00:31:37 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.125.8 with HTTP; Tue, 14 Nov 2017 00:31:36 -0800 (PST) In-Reply-To: References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> <20171107162914.G9710@sola.nimnet.asn.au> <20171108012948.A9710@sola.nimnet.asn.au> <20171111213759.I72828@sola.nimnet.asn.au> From: Cos Chan Date: Tue, 14 Nov 2017 09:31:36 +0100 Message-ID: Subject: Re: How to setup IPFW working with blacklistd To: Ian Smith Cc: freebsd-questions , Michael Ross , Kurt Lidl Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 08:31:40 -0000 On Mon, Nov 13, 2017 at 3:17 PM, Cos Chan wrote: > > > On Sat, Nov 11, 2017 at 1:42 PM, Ian Smith wrote: > >> On Thu, 9 Nov 2017 14:25:52 +0100, Cos Chan wrote: >> >> > Dear All >> > >> > Thanks Ian's great help, I have solved problem to post banned entries >> from >> > blacklistd to ipfw. >> >> Well, we're some of the way there :) We really need Kurt Lidl's eyes on >> this to make real progress, and indications are that my and your emails >> cc'ing him were still being deferred for some reason - maybe he's away? 
>>
>> > The original message was received at Tue, 7 Nov 2017 10:12:05 -0500 (EST)
>> > from mx2.freebsd.org [8.8.178.116]
>> >
>> >    ----- Transcript of session follows -----
>> > ... Deferred: Operation timed out with hydra.pix.net.
>> > Warning: message still undelivered after 4 hours
>> > Will keep trying until message is 1 week, 3 days old
>>
>>
>> > To my knowledge the problem is:
>> >
>> > I setup sshd+blacklistd without ipfw at first. Then I got problem the entry
>> > was never reached nfail number (is it a bug?).
>>
>> The first issue was because of a severe deficiency in blacklistd-helper,
>> in that it doesn't actually check that the chosen firewall is running,
>> and it then fails to detect commands for that firewall that do not (can
>> not) succeed as any sort of error!  More about that below.
>>
>> The second, however, was mainly that you missed that nfail set to '*'
>> means that the host is NOT to be blocked, no matter how many auth or
>> other failures that (in this case) sshd reports.
>>
>> That also answers another question you had .. "nnn/-1" indicates that
>> nfail=* ie never to be blocked.  These still get accumulated in the
>> database, but are not applied as ipfw block rule table entries.
>>
>>
>> > so I have to change the nfail to * to get the entry into banned list.
>>
>> In combination with other factors - like whether ipfw was running at the
>> time - that got blacklistd to record reported failures to its database,
>> but not to execute the 'add' commands to blacklistd-helper, so that
>> address was not in fact blocked, and subsequent attempts kept trying.
>>
>> > But while I setup ipfw, the nfail=* would not activate blacklistd-helper so
>> > no entry in blacklist banned list were added to ipfw.
>>
>> Yes, nfail=* means NEVER block these failed addresses.  blacklistd.conf(5)
>>
>> > I have modify the blacklistd nfail to 2, sshd MaxAuthTries to 3. The
>> > blacklist entries working fine.
>>
>> With ipfw running, yes :)  But it should have failed - noisily - sooner.
>>
>> When ipfw is running, issuing this will show you the addresses blocked:
>>
>>  # ipfw table port22 list
>>
>
> until now it seems working on list updating. but I am not sure if it is
> really working fine.
>
> here is one strange record:
>
> $ sudo blacklistctl dump -b | grep 1662
> 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04
>
> This IP was blocked in ipfw from last week. while I checked it last week
> Friday it was 800+/1 in blacklist and until today it become 1662.
>
> To my knowledge the ipfw should block the connection, the times of banned
> IP should be not increased?
>
> I could see more entries with more than 3/1, for example:
>
> 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21
> 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53
> 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25
> 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14
> 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30
> 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07
> 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00
> 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21
> 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16
> 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57
> 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07
> 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07
>
> These records I am not sure if they were not increased after added to ipfw
> list. but the 1662 times one, I am sure it was increased after ipfw had the
> ip in list.
>

add the ipfw rules:

$ sudo ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
02022 deny tcp from table(port22) to any dst-port 22
65000 allow ip from any to any
65535 deny ip from any to any

>
>
>> > BUT I found another problem.
>> >
>> > The output of blacklist dump is strange:
>> >
>> > $ sudo blacklistctl dump
>> > address/ma:port id nfail last access
>> > 96.227.104.132/32:22 0/2 1970/01/01 01:00:00
>> > 89.245.78.187/32:22 0/2 1970/01/01 01:00:00
>> > 116.193.162.203/32:22 1/2 2017/11/09 11:48:05
>> >
>> > Since the blacklistd accepts instruction from sshd. how could be 0/2
>> > entries presented there? I am sure my successful logins were not added to
>> > blacklistd.
>>
>> 1970/01/01 01:00:00 is just the UNIX '0' timestamp, in this case plus
>> one hour (your TZ offset).  It here means 'no previous entry'.  Not sure
>> about that 0/2, but there are several different codes returned by sshd
>> including success, failed auth and 'abusive behaviour' .. I'm not sure
>> which ones your reports (including in off-list mail) indicate.
>>
>> As for the mysterious 'n-1' behaviour you mentioned offlist for nfail,
>> in /usr/src/contrib/blacklist/bin/blacklistd.c there's this:
>>
>>     switch (bi->bi_type) {
>>     case BL_ABUSE:
>>         /*
>>          * If the application has signaled abusive behavior,
>>          * set the number of fails to be one less than the
>>          * configured limit.  Fallthrough to the normal BL_ADD
>>          * processing, which will increment the failure count
>>          * to the threshhold, and block the abusive address.
>>          */
>>         if (c.c_nfail != -1)
>>             dbi.count = c.c_nfail - 1;
>>         /*FALLTHROUGH*/
>>     case BL_ADD:
>>         dbi.count++;
>>         dbi.last = ts.tv_sec;
>>         if (dbi.id[0]) {
>>             /*
>>              * We should not be getting this since the rule
>>              * should have blocked the address. A possible
>>              * explanation is that someone removed that rule,
>>              * and another would be that we got another attempt
>>              * before we added the rule. In anycase, we remove
>>              * and re-add the rule because we don't want to add
>>              * it twice, because then we'd lose track of it.
>>              */
>>             (*lfun)(LOG_DEBUG, "rule exists %s", dbi.id);
>>             (void)run_change("rem", &c, dbi.id, 0);
>>             dbi.id[0] = '\0';
>>         }
>>         if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
>>             int res = run_change("add", &c, dbi.id, sizeof(dbi.id));
>>             if (res == -1)
>>                 goto out;
>>             sockaddr_snprintf(rbuf, sizeof(rbuf), "%a",
>>                 (void *)&rss);
>>             (*lfun)(LOG_INFO,
>>                 "blocked %s/%d:%d for %d seconds",
>>                 rbuf, c.c_lmask, c.c_port, c.c_duration);
>>
>>         }
>>         break;
>>
>> But if the 'add' command via blacklistd-helper fails, it will never add
>> the 1 .. I'm not certain about this, but it could explain what you see,
>> although I can't discern whether sshd is reporting BL_ADD or BL_ABUSE.
>>
>> You might instead try MaxAuthTries 4 .. sshd_config(5) says:
>>
>>      MaxAuthTries
>>              Specifies the maximum number of authentication attempts permitted
>>              per connection.  Once the number of failures reaches half this
>>              value, additional failures are logged.  The default is 6.
>>
>> Half of 3 as an integer is only 1, but half of 4 is 2.  See if it helps?
>>
>
> I didn't change the MaxAuthTries, since I found something interesting from
> the different logs concerning that issue:
>
> From blacklistctl dump:
>
> $ sudo blacklistctl dump
> address/ma:port id nfail last access
> 78.203.146.34/32:22 0/1 1970/01/01 01:00:00
> 195.225.116.21/32:22 0/1 1970/01/01 01:00:00
> 123.31.26.123/32:22 0/1 1970/01/01 01:00:00
> 112.148.101.13/32:22 0/1 1970/01/01 01:00:00
> 93.23.6.18/32:22 0/1 1970/01/01 01:00:00
> 5.102.197.124/32:22 0/1 1970/01/01 01:00:00
> 193.154.127.32/32:22 0/1 1970/01/01 01:00:00
> 113.232.216.41/32:22 0/1 1970/01/01 01:00:00
>
> From sshd log:
>
> Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32
> Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32
> Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi [preauth]
> Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi [preauth]
> ...
> Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123
> Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user support [preauth]
> Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user admin [preauth]
> Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user admin [preauth]
> Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123
> Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user ubnt [preauth]
> Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from 123.31.26.123
> Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user PlcmSpIp [preauth]
> Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
> Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user admin [preauth]
> Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>
> I see 2 problems:
>
> Problem 1:
> The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it
> tried only 2 times.
> But in my opinion it should be recorded to blacklistd as 2/1 instead of
> 0/1.
>
> Problem 2:
> The IP 123.31.26.123 was trying to use different user name to login more
> than 3 times. it was also recorded in blacklistd as 0/1.
>
> In my opinion the above 2 all should be banned by blacklistd.
>
>
>>
>> > I am trying to find out the reason from log but I don't know how to see
>> > blacklistd log. man page said that is to syslogd but what the facility it
>> > is? or some other ways to get out log?
>>
>> Not sure of the facility but when using the -v switch, as you have been,
>> logging goes to stderr instead of syslog.  Without -v you should see it
>> logging to /var/log/messages.  If not, try adding to /etc/syslog.conf:
>>
>> !blacklistd
>> *.*     /var/log/myblacklistd.log
>>
>> then '# touch /var/log/myblacklistd.log && service syslogd restart'
>>
>
> Unfortunately I started the logging later than Nov 11 03:50:57, so I didn't
> get the log of "0/1" records yet.
>

got the log for one new "0/1" entry:

$ sudo blacklistctl dump
address/ma:port id nfail last access
24.7.90.146/32:22 0/1 1970/01/01 01:00:00
...

$ sudo cat auth.log | grep 24.7.90.146
Nov 14 02:13:58 res sshd[6212]: Invalid user pi from 24.7.90.146
Nov 14 02:13:58 res sshd[6215]: Invalid user pi from 24.7.90.146
Nov 14 02:13:59 res sshd[6215]: Connection closed by 24.7.90.146 port 34746 [preauth]
Nov 14 02:13:59 res sshd[6212]: Connection closed by 24.7.90.146 port 34742 [preauth]

$ cat myblacklistd.log | grep 'Nov 14'
...
Nov 14 02:09:11 res blacklistd[5590]: blocked 202.51.74.55/32:22 for -1 seconds
Nov 14 02:11:06 res blacklistd[5590]: rule exists OK
Nov 14 02:11:06 res blacklistd[5590]: blocked 202.51.74.55/32:22 for -1 seconds
Nov 14 02:14:43 res blacklistd[5590]: blocked 66.232.147.46/32:22 for -1 seconds
Nov 14 02:16:40 res blacklistd[5590]: rule exists OK

could not see operation against that IP from blacklistd.log

>
>
>>
>> Ok, problems with blacklistd-helper; the first bit verbatim, tabs lost:
>>
>> #!/bin/sh
>> #echo "run $@" 1>&2
>> #set -x
>> # $1 command
>> # $2 rulename
>> # $3 protocol
>> # $4 address
>> # $5 mask
>> # $6 port
>> # $7 id
>>
>> pf=
>> if [ -f "/etc/ipfw-blacklist.rc" ]; then
>> pf="ipfw"
>> . /etc/ipfw-blacklist.rc
>> ipfw_offset=${ipfw_offset:-2000}
>> fi
>>
>> if [ -z "$pf" ]; then
>> for f in npf pf ipf; do
>> if [ -f "/etc/$f.conf" ]; then
>> pf="$f"
>> break
>> fi
>> done
>> fi
>>
>> if [ -z "$pf" ]; then
>> echo "$0: Unsupported packet filter" 1>&2
>> exit 1
>> fi
>>
>> Earlier you said you'd run it without /etc/ipfw-blacklist.rc existing.
>> In that case - UNLESS you had either /etc/pf.conf or /etc/ipf.conf lying
>> around from before? it should have failed with 'exit 1' .. though it's
>> not clear from browsing the code that even that would cause it to quit.
>>
>
> No, there are not /etc/pf.conf and /etc/ipf.conf.
>
>
>>
>> So once /etc/ipfw-blacklist.rc exists, that's a flag indicating you
>> intend using ipfw, however there's NO check that ipfw is running ..
>>
>> Then - ignoring the pf) and ipf) sections - though I suspect they'd have
>> the same issue unless really running - here's the ipfw add bit, no tabs:
>>
>> add)
>> case "$pf" in
>> [..]
>> ipfw)
>> # use $ipfw_offset+$port for rule number
>> rule=$(($ipfw_offset + $6))
>> tname="port$6"
>> /sbin/ipfw table $tname create type addr 2>/dev/null
>>
>> Unless ipfw is running, enabled, that will fail - silently.
>>
>> /sbin/ipfw -q table $tname add "$addr/$mask"
>>
>> Ditto, perhaps with a message to stderr - that's simply ignored.
>>
>> # if rule number $rule does not already exist, create it
>> /sbin/ipfw show $rule >/dev/null 2>&1 || \
>> /sbin/ipfw add $rule drop $3 from \
>> table"("$tname")" to any dst-port $6 >/dev/null && \
>> echo OK
>> ;;
>>
>> When both of these ipfw commands also fail, it'll only fail to echo OK.
>>
>> Not that failing to echo OK seems to matter to the calling code, but
>> the OK is kept as 'id' which is passed to the rem)ove code, but is
>> unused except by the npf firewall .. 'netbsd packet filter' I guess.
>>
>> I can certainly suggest patches for at least the ipfw sections - and
>> really, if the introductory code checks ipfw is working that should be
>> enough - but I'm unsure whether 'exit 1' after an error message is all
>> that's needed to get blacklistd to whinge loudly and refuse to continue?
>>
>> This should be turned into a PR via bugzilla, but since I'm not running
>> 11.x here, I can only really contribute if you do so and add me as a cc.
>>
>
> Sorry I don't know how to describe the problem in bugzilla since I don't
> really understand what you said.
> I have to learn more about the script :)
>
>
>>
>> Please try to avoid top-posting on replies, thanks.
>
>
> Sure, I will.
>
>
>>
>> cheers, Ian
>>
>
>
>
> --
> with kind regards
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Tue Nov 14 09:28:58 2017
From: Frank Leonhardt
Date: Tue, 14 Nov 2017 09:28:23 +0000
Subject: Re: Centos on FreeBSD
CC: "freebsd-questions@freebsd.org"

On 13 November 2017 13:46:24 GMT+00:00, "Igor V. Ruzanov" wrote:
>Or it could even be QEMU with accelerator module kqemu.ko
>
>|you may run CentOS (or any other Linux system) on FreeBSD with bhyve (
>|http://bhyve.org/) and also do the management with vm-bhyve (
>|https://github.com/churchers/vm-bhyve) which also has templates for CentOS (
>|https://github.com/churchers/vm-bhyve/blob/master/sample-templates/centos7.conf)
>|or any other management wrapper.

I have tried really hard to like bhyve. I think the biggest problem and I
have is with the documentation. As the BSD native hypervisor, this is a
really bad thing! If I understood it, I would write some myself.

What I need is an explanation of HOW to use it; examples. The only one
around tells you how to run FreeBSD as a guest on FreeBSD. This is not
useful. Documentation then goes on to say you can run "most" Linux
distributions, and starts talking about firmware that's not specified
anywhere. What is "firmware" supposed to mean? I assume they mean some kind
of BIOS ROM image (only Firmware when blown in to ROM, but I guess they
don't mean that).

Then what are you supposed to do about graphics mode? Do you need to install
X? Xen is easy. Just set up an QEMU emulated VGA card and an IP address for
the VNC server. Installing CentOS switches to graphics mode half way
through. How does that work with Bhyve?

Virtual box is, apparently, deprecated. It's really easy once you have X
installed.

With Xen, Virtual box, ESXi you can have anything including Windows
installed from a CD. No one can say, step by step, how to do this on bhyve.
Or can they and I just can't find it?

Thanks, Frank.
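
Added example, not part of any message in this archive: a small Python triage of `blacklistctl dump` output for the "How to setup IPFW working with blacklistd" message above, flagging the cases that message puzzles over (a count that keeps growing after a block, `0/1` rows, `nfail=*` rows). The sample rows are constructed with documentation addresses, and the status names and the `slack` parameter are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple

# The "count/nfail" column, e.g. "1662/1" or "57/-1" (nfail=* prints as -1).
COUNT_RE = re.compile(r"^(\d+)/(-?\d+)$")

# Constructed sample in the column layout shown in the thread.
SAMPLE_DUMP = """\
address/ma:port id nfail last access
192.0.2.10/32:22 OK 1662/1 2017/11/13 00:31:04
192.0.2.20/32:22 OK 3/1 2017/11/12 16:13:53
198.51.100.7/32:22 OK 1/1 2017/11/12 06:09:16
203.0.113.5/32:22 0/1 1970/01/01 01:00:00
203.0.113.9/32:22 1/2 2017/11/09 11:48:05
192.0.2.77/32:22 57/-1 2017/11/08 09:00:00
198.51.100.99/32:22 4/2 2017/11/10 10:00:00
...
"""


class Entry(NamedTuple):
    address: str  # "addr/mask:port" exactly as printed
    rule_id: str  # "" when no firewall rule id is recorded for the entry
    count: int    # failures recorded so far
    nfail: int    # configured limit, -1 for nfail=*
    last: str     # "last access" text


def parse_dump(text: str) -> List[Entry]:
    """Parse dump rows; the id column may be empty, so locate the count column."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank line or "..."
        for idx in (1, 2):
            match = COUNT_RE.match(fields[idx])
            if match:
                break
        else:
            continue  # header row or anything unrecognised
        rule_id = fields[1] if idx == 2 else ""
        entries.append(Entry(fields[0], rule_id, int(match.group(1)),
                             int(match.group(2)), " ".join(fields[idx + 1:])))
    return entries


def classify(entry: Entry, slack: int = 0) -> str:
    """Name the state of one entry; slack tolerates a few reports that raced the block."""
    if entry.nfail == -1:
        return "never-block"  # nfail=*: counted, never passed to the helper
    if entry.rule_id:
        # A count above the limit means failures were still being reported
        # for this address after a rule id had been recorded for it.
        if entry.count > entry.nfail + slack:
            return "blocked-still-failing"
        return "blocked"
    if entry.count >= entry.nfail:
        return "limit-reached-no-rule"
    if entry.count == 0:
        return "no-failures-recorded"
    return "below-limit"


def triage(text: str, slack: int = 0) -> Dict[str, str]:
    """Map each address in the dump to its status."""
    return {e.address: classify(e, slack) for e in parse_dump(text)}


if __name__ == "__main__":
    for address, status in triage(SAMPLE_DUMP).items():
        print(f"{address:24} {status}")
```

Rows reported as `blocked-still-failing` or `limit-reached-no-rule` are the ones to compare against `ipfw table port22 list` and the rule order shown by `ipfw list`.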

From owner-freebsd-questions@freebsd.org Tue Nov 14 09:42:08 2017
From: Matthew Seaman
Date: Tue, 14 Nov 2017 09:42:04 +0000
Subject: Re: pkgng error when installing
To: freebsd-questions@freebsd.org

On 13/11/2017 21:10, Andrew W via freebsd-questions wrote:
> When installing a package I'm getting /usr/local/lib/libpkg.so.4:
> Undefined symbol "utimensat"
>
> Got this twice on two different machines with two different packages.
>
> Immediately before both times pkgng updated itself to the latest version
> so it would appear that upgrade has gone wrong somewhere.
>
> Has anyone else experienced this?
>

Yes, this issue has been done to death on the lists quite recently. You
are trying to install packages compiled for a newer version of the OS
than you have installed. As you have discovered, this is not guaranteed
to work, and you should update your machines to a currently supported
release if you want to carry on using the FreeBSD supplied packages.

Cheers,

Matthew

From owner-freebsd-questions@freebsd.org Tue Nov 14 10:31:28 2017
From: Wim Den Ruyter
Date: Tue, 14 Nov 2017 10:03:18 +0000
Subject: Question - Enlarging Disk
To: "questions@freebsd.org"

Hi

My system is

[cid:image001.png@01D35D38.2E1F47B0]

My disks are in vmware
I have enlarged and added disk already

How do I grow the file system ?

[cid:image002.png@01D35D38.2E1F47B0]

What commands do I use to do this ?

Regards
Wim

From owner-freebsd-questions@freebsd.org Tue Nov 14 10:42:43 2017
From: "Herbert J. Skuhra"
Date: Tue, 14 Nov 2017 11:42:30 +0100
Subject: Re: Question - Enlarging Disk
To: Wim Den Ruyter
Cc: "questions@freebsd.org"

On Tue, Nov 14, 2017 at 10:03:18AM +0000, Wim Den Ruyter wrote:
> Hi
>
> My system is
>
> [cid:image001.png@01D35D38.2E1F47B0]
>
> My disks are in vmware
> I have enlarged and added disk already
>
> How do I grow the file system ?
>
> [cid:image002.png@01D35D38.2E1F47B0]
>
> What commands do I use to do this ?

1. Don't post images/binaries
2. Read https://www.freebsd.org/doc/handbook/disks-growing.html

--
Herbert

From owner-freebsd-questions@freebsd.org Tue Nov 14 12:36:58 2017
From: Andrea Venturoli
Date: Tue, 14 Nov 2017 13:36:39 +0100
Subject: Re: Centos on FreeBSD
To: freebsd-questions@freebsd.org, freebsd-doc@fjl.co.uk

On 11/14/17 10:28, Frank Leonhardt wrote:

> I have tried really hard to like bhyve. I think the biggest problem and I have is with the documentation. As the BSD native hypervisor, this is a really bad thing! If I understood it, I would write some myself.

As a newbie to bhyve, I went the sysutils/vm-bhyve route: it tries to
simplify things and adds a load of documentation on its own wiki.

> Then what are you supposed to do about graphics mode? Do you need to install X? Xen is easy. Just set up an QEMU emulated VGA card and an IP address for the VNC server.

From 11.x bhyve has its own VNC server and does not need X.

> Installing CentOS switches to graphics mode half way through. How does that work with Bhyve?

Start the VM and connect to it via VNC, I guess.
That's how it works with Windows, at least.

> Virtual box is, apparently, deprecated.

I've used VirtualBox in the past and I must say, at least at first
glance, I like bhyve *MUCH* better.

> No one can say, step by step, how to do this on bhyve. Or can they and I just can't find it?

Try and have a look here:
https://github.com/churchers/vm-bhyve/wiki

HTH.

bye
av.

From owner-freebsd-questions@freebsd.org Tue Nov 14 12:47:18 2017
freebsd-questions@freebsd.org; Tue, 14 Nov 2017 12:47:06 +0000 Subject: Re: Updating Instructions To: freebsd-questions@freebsd.org References: From: Baho Utot Message-ID: <34bd4349-0215-5341-3f32-b8d21afbde99@columbus.rr.com> Date: Tue, 14 Nov 2017 07:47:06 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4wfEYmzKUUNGpJRlxUqJLs01d8REdjv4gS8onyxaMeAGpkU/dPvqyDZQk1BESKAtomBX9ZWAujGl1QCy7Ul7Pxmq9Dee3qxDKq99iJfGRw8L+cbrNNyUSj TmcaXcPN8JdU6a/D/472RoC27ANjICt8UQT/B6cjabeOd524bI8CUP0R1joki7W6u3E589ILn1SmDbA3zdZRJcsst0cGN6di/Sg= X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 12:47:18 -0000 On 11/14/17 03:29, Carmel NY wrote: > Out of morbid curiosity, I was just wondering why instructions for updating a > moved or discontinued port are never posted for "synth", like they are for > "portupgrade" or "portmaster" in the UPDATING file? An example would be the > recent 20171112 change in the devel/oniguruma* port. 
>

I think it is because synth is a bad word around here

From owner-freebsd-questions@freebsd.org Tue Nov 14 13:00:53 2017
Subject: Re: Updating Instructions
To: Baho Utot, freebsd-questions@freebsd.org
From: Arthur Chance
Date: Tue, 14 Nov 2017 13:00:40 +0000

On 14/11/2017 12:47, Baho Utot wrote:
>
>
> On 11/14/17 03:29, Carmel NY wrote:
>> Out of morbid curiosity, I was just wondering why instructions for
>> updating a moved or discontinued port are never posted for "synth",
>> like they are for "portupgrade" or "portmaster" in the UPDATING file?
>> An example would be the recent 20171112 change in the
>> devel/oniguruma* port.
>>
>
>
> I think it is because synth is a bad word around here

More likely that very few of us knew about it. This thread was the first
time I heard of it. I've been using poudriere since shortly after it
came out, and it works fine for me.

--
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

From owner-freebsd-questions@freebsd.org Tue Nov 14 13:21:04 2017
Date: Tue, 14 Nov 2017 13:20:56 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Updating Instructions
Message-ID: <20171114132056.2e1122f8@gumby.homeunix.com>

On Tue, 14 Nov 2017 08:29:23 +0000
Carmel NY wrote:

> Out of morbid curiosity, I was just wondering why
> instructions for updating a moved or discontinued port are never
> posted for "synth", like they are for "portupgrade" or "portmaster"
> in the UPDATING file? An example would be the recent 20171112 change
> in the devel/oniguruma* port.

Have you any particular reason to think they are needed? There are no
such instructions for updating with pkg and that's what synth uses
after building local packages.
From owner-freebsd-questions@freebsd.org Tue Nov 14 13:23:02 2017
From: Carmel NY
To: FreeBSD
Subject: Re: Updating Instructions
Date: Tue, 14 Nov 2017 13:22:59 +0000

On Tue, 14 Nov 2017 13:00:40 +0000, Arthur Chance stated:

>On 14/11/2017 12:47, Baho Utot wrote:
>>
>>
>> On 11/14/17 03:29, Carmel NY wrote:
>>> Out of morbid curiosity, I was just wondering why instructions for
>>> updating a moved or discontinued port are never posted for "synth",
>>> like they are for "portupgrade" or "portmaster" in the UPDATING file?
>>> An example would be the recent 20171112 change in the
>>> devel/oniguruma* port.
>>>
>>
>>
>> I think it is because synth is a bad word around here
>
>More likely that very few of us knew about it. This thread was the first
>time I heard of it. I've been using poudriere since shortly after it
>came out, and it works fine for me.
>

Personally, I consider "poudriere" overkill for the average user, especially
a user who is using FreeBSD on a single PC or laptop.

I realize that the updates needed to run synth on FreeBSD-12 are not in place,
and perhaps never will be. In that case, I will be happy to stay with my
present system or switch to a different OS.

--
Carmel

From owner-freebsd-questions@freebsd.org Tue Nov 14 13:33:26 2017
Date: Tue, 14 Nov 2017 14:33:10 +0100
From: Matthias Apitz
To: freebsd-questions@freebsd.org
Subject: Re: Updating Instructions
Message-ID: <20171114133310.GA4253@c720-r314251>

On Tuesday, November 14, 2017 at 01:22:59 p.m. +0000, Carmel NY wrote:

> Personally, I consider "poudriere" overkill for the average user, especially
> a user who is using FreeBSD on a single PC or laptop.

The 'average user' should either install pre-built packages or compile
ports from sources using poudriere, even if he/she does this on a single
PC or laptop. Just my humble opinions after compiling ports 15++ years
from sources.

	matthias

--
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

From owner-freebsd-questions@freebsd.org Tue Nov 14 14:13:26 2017
Message-ID: <5A0AFA04.2090801@gmail.com>
Date: Tue, 14 Nov 2017 09:13:24 -0500
From: Ernie Luzar
To: Matthias Apitz, freebsd-questions@freebsd.org
Subject: Re: Updating Instructions

Matthias Apitz wrote:
> On Tuesday, November 14, 2017 at 01:22:59 p.m. +0000, Carmel NY wrote:
>
>> Personally, I consider "poudriere" overkill for the average user, especially
>> a user who is using FreeBSD on a single PC or laptop.
>
> The 'average user' should either install pre-built packages or compile
> ports from sources using poudriere, even if he/she does this on a single
> PC or laptop. Just my humble opinions after compiling ports 15++ years
> from sources.
>
> matthias

I agree that "poudriere" is overkill for the average user. It's an
unneeded workhorse that just complicates things. The current direction
is toward always using packages first, and now pkg flavors will address
many of the reasons previously requiring a port compile, and only as a
last resort compiling the single port without requiring the complete
port tree being installed. I see "poudriere" as a necessary tool for
the builders of the package system and maybe some side case users. But
it is not a mainstream tool and the handbook should document it as such.

From owner-freebsd-questions@freebsd.org Tue Nov 14 14:31:09 2017
Subject: Re: Centos on FreeBSD
From: "Frank Leonhardt (m)"
Date: Tue, 14 Nov 2017 11:29:25 +0000
To: "freebsd-questions@freebsd.org"
Message-ID: <650CFA51-D2F4-4C33-85A0-A14FBCB5B696@fjl.co.uk>

On 13 November 2017 13:33:35 GMT+00:00, Frank Leonhardt wrote:
>What's the best way to run Centos/Red Hat 7 64 bit on FreeBSD? I've got
>it running fairly happily on Xen, but I get the feeling it's not quite
>right. It takes a very long time to boot, for example.
>
>I did think of running CentOS as Dom0 and BSD as DomU, but there must
>be a better way.
>
>Before I delve into why CentOS takes ten minutes to boot (no clue on
>screen, of course), is there a better hypervisor? I would prefer not to
>run X. Talking to CentOS on VNC suits me very well.
>
>Thanks, Frank.

Hold the front page! I just found a blog post by Adam Strohl that had just the instructions for bhyve I need.

--
Sent from my Cray X/MP with small fiddling keyboard.
From owner-freebsd-questions@freebsd.org Tue Nov 14 14:34:19 2017
Subject: Re: Updating Instructions
To: Matthias Apitz, freebsd-questions@freebsd.org
From: Arthur Chance
Message-ID: <806fdb3d-530a-3d38-2f7c-7b4c5d6fbadd@qeng-ho.org>
Date: Tue, 14 Nov 2017 14:34:15 +0000

On 14/11/2017 13:33, Matthias Apitz wrote:
> On Tuesday, November 14, 2017 at 01:22:59 p.m. +0000, Carmel NY wrote:
>
>> Personally, I consider "poudriere" overkill for the average user, especially
>> a user who is using FreeBSD on a single PC or laptop.
>
> The 'average user' should either install pre-built packages or compile
> ports from sources using poudriere, even if he/she does this on a single
> PC or laptop. Just my humble opinions after compiling ports 15++ years
> from sources.

In terms of numbers, the "average user" for FreeBSD may well be a
Netflix or Cloudflare(*) devop. :-)

If you mean a user with uncomplicated needs, I'd agree with you. In my
case I've got ten machines, with two hardware architectures, some
externally visible so with more paranoid port options than in-house
ones. For that poudriere is wonderful.

(*) ISTR they use FBSD.

--
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

From owner-freebsd-questions@freebsd.org Tue Nov 14 14:38:54 2017
From: Cos Chan
Date: Tue, 14 Nov 2017 15:38:51 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Ian Smith
Cc: freebsd-questions, Michael Ross, Kurt Lidl

On Tue, Nov 14, 2017 at 9:31 AM, Cos Chan wrote:

>
>
> On Mon, Nov 13, 2017 at 3:17 PM, Cos Chan wrote:
>
>>
>>
>> On Sat, Nov 11, 2017 at 1:42 PM, Ian Smith wrote:
>>
>>> On Thu, 9 Nov 2017 14:25:52 +0100, Cos Chan wrote:
>>>
>>> > Dear All
>>> >
>>> > Thanks to Ian's great help, I have solved the problem of posting
>>> > banned entries from blacklistd to ipfw.
>>>
>>> Well, we're some of the way there :) We really need Kurt Lidl's eyes on
>>> this to make real progress, and indications are that my and your emails
>>> cc'ing him were still being deferred for some reason - maybe he's away?
>>>
>>> > The original message was received at Tue, 7 Nov 2017 10:12:05 -0500 (EST)
>>> > from mx2.freebsd.org [8.8.178.116]
>>> >
>>> > ----- Transcript of session follows -----
>>> > ... Deferred: Operation timed out with hydra.pix.net.
>>> > Warning: message still undelivered after 4 hours
>>> > Will keep trying until message is 1 week, 3 days old
>>>
>>>
>>> > To my knowledge the problem is:
>>> >
>>> > I set up sshd+blacklistd without ipfw at first. Then I got the problem
>>> > that the entry never reached the nfail number (is it a bug?).
>>>
>>> The first issue was because of a severe deficiency in blacklistd-helper,
>>> in that it doesn't actually check that the chosen firewall is running,
>>> and it then fails to detect commands for that firewall that do not (can
>>> not) succeed as any sort of error! More about that below.
>>>
>>> The second, however, was mainly that you missed that nfail set to '*'
>>> means that the host is NOT to be blocked, no matter how many auth or
>>> other failures that (in this case) sshd reports.
>>>
>>> That also answers another question you had .. "nnn/-1" indicates that
>>> nfail=* ie never to be blocked. These still get accumulated in the
>>> database, but are not applied as ipfw block rule table entries.
>>>
>>>
>>> > so I have to change the nfail to * to get the entry into the banned list.
>>>
>>> In combination with other factors - like whether ipfw was running at the
>>> time - that got blacklistd to record reported failures to its database,
>>> but not to execute the 'add' commands to blacklistd-helper, so that
>>> address was not in fact blocked, and subsequent attempts kept trying.
>>>
>>> > But when I set up ipfw, nfail=* would not activate blacklistd-helper,
>>> > so no entries in the blacklist banned list were added to ipfw.
>>>
>>> Yes, nfail=* means NEVER block these failed addresses. blacklistd.conf(5)
>>>
>>> > I have modified the blacklistd nfail to 2, sshd MaxAuthTries to 3. The
>>> > blacklist entries are working fine.
>>>
>>> With ipfw running, yes :) But it should have failed - noisily - sooner.
>>>
>>> When ipfw is running, issuing this will show you the addresses blocked:
>>>
>>> # ipfw table port22 list
>>>
>>
>> Until now it seems to be working on list updating, but I am not sure if
>> it is really working fine.
>>
>> Here is one strange record:
>>
>> $ sudo blacklistctl dump -b | grep 1662
>> 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04
>>
>> This IP has been blocked in ipfw since last week. When I checked it last
>> Friday it was 800+/1 in blacklist, and by today it has become 1662.
>>
>> To my knowledge ipfw should block the connection, so the number of times
>> for a banned IP should not be increased?
>>
>> I could see more entries with more than 3/1, for example:
>>
>> 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21
>> 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53
>> 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25
>> 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14
>> 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30
>> 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07
>> 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00
>> 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21
>> 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16
>> 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57
>> 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07
>> 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07
>>
>> These records, I am not sure if they were not increased after being
>> added to the ipfw list, but the 1662 times one, I am sure it was
>> increased after ipfw had the IP in the list.
>>
>
> Adding the ipfw rules:
>
> $ sudo ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 deny ip from any to ::1
> 00500 deny ip from ::1 to any
> 00600 allow ipv6-icmp from :: to ff02::/16
> 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
> 02022 deny tcp from table(port22) to any dst-port 22
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>

More logs that might be useful:

$ sudo tail security
Nov 14 15:09:07 res kernel: ipfw: 2022 Deny TCP 182.93.152.171:6920 192.168.11.15:22 in via em0
Nov 14 15:09:21 res kernel: ipfw: 2022 Deny TCP 123.125.203.196:6920 192.168.11.15:22 in via em0
Nov 14 15:10:11 res kernel: ipfw: 2022 Deny TCP 182.93.152.171:6920 192.168.11.15:22 in via em0
Nov 14 15:10:33 res kernel: ipfw: 2022 Deny TCP 83.12.107.106:6920 192.168.11.15:22 in via em0
Nov 14 15:11:08 res last message repeated 15 times
Nov 14 15:12:32 res last message repeated 4 times
Nov 14 15:21:10 res kernel: ipfw: 2022 Deny TCP 201.147.183.55:60299 192.168.11.15:22 in via em0
Nov 14 15:21:17 res last message repeated 3 times
Nov 14 15:25:38 res kernel: ipfw: 2022 Deny TCP 105.226.55.239:48315 192.168.11.15:22 in via em0
Nov 14 15:26:18 res last message repeated 12 times

$ sudo tail auth.log
Nov 14 15:07:24 res sshd[9029]: input_userauth_request: invalid user admin [preauth]
Nov 14 15:10:33 res sshd[9052]: Invalid user omni from 83.12.107.106
Nov 14 15:10:33 res sshd[9052]: input_userauth_request: invalid user omni [preauth]
Nov 14 15:25:37 res sshd[9144]: reverse mapping checking getaddrinfo for 105-226-55-239.south.dsl.telkomsa.net [105.226.55.239] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 14 15:25:37 res sshd[9144]: Invalid user admin from 105.226.55.239
Nov 14 15:25:37 res sshd[9144]: input_userauth_request: invalid user admin [preauth]
Nov 14 15:26:08 res sshd[9152]: Received disconnect from 121.18.238.123 port 42391:11: [preauth]
Nov 14 15:26:08 res sshd[9152]: Disconnected from 121.18.238.123 port 42391 [preauth]

The IP 105.226.55.239 looks like it is banned by IPFW, but it still connected to sshd?

>
>
>>
>>
>>> > BUT I found another problem.
>>> >
>>> > The output of blacklist dump is strange:
>>> >
>>> > $ sudo blacklistctl dump
>>> > address/ma:port id nfail last access
>>> > 96.227.104.132/32:22 0/2 1970/01/01 01:00:00
>>> > 89.245.78.187/32:22 0/2 1970/01/01 01:00:00
>>> > 116.193.162.203/32:22 1/2 2017/11/09 11:48:05
>>> >
>>> > Since blacklistd accepts instructions from sshd, how could 0/2
>>> > entries be present there? I am sure my successful logins were not
>>> > added to blacklistd.
>>>
>>> 1970/01/01 01:00:00 is just the UNIX '0' timestamp, in this case plus
>>> one hour (your TZ offset). It here means 'no previous entry'. Not sure
>>> about that 0/2, but there are several different codes returned by sshd
>>> including success, failed auth and 'abusive behaviour' .. I'm not sure
I'm not sure >>> which ones your reports (including in off-list mail) indicate. >>> >>> As for the mysterious 'n-1' behaviour you mentioned offlist for nfail, >>> in /usr/src/contrib/blacklist/bin/blacklistd.c there's this: >>> >>> switch (bi->bi_type) { >>> case BL_ABUSE: >>> /* >>> * If the application has signaled abusive behavior, >>> * set the number of fails to be one less than the >>> * configured limit. Fallthrough to the normal BL_ADD >>> * processing, which will increment the failure count >>> * to the threshhold, and block the abusive address. >>> */ >>> if (c.c_nfail != -1) >>> dbi.count = c.c_nfail - 1; >>> /*FALLTHROUGH*/ >>> case BL_ADD: >>> dbi.count++; >>> dbi.last = ts.tv_sec; >>> if (dbi.id[0]) { >>> /* >>> * We should not be getting this since the rule >>> * should have blocked the address. A possible >>> * explanation is that someone removed that rule, >>> * and another would be that we got another >>> attempt >>> * before we added the rule. In anycase, we >>> remove >>> * and re-add the rule because we don't want to >>> add >>> * it twice, because then we'd lose track of it. >>> */ >>> (*lfun)(LOG_DEBUG, "rule exists %s", dbi.id); >>> (void)run_change("rem", &c, dbi.id, 0); >>> dbi.id[0] = '\0'; >>> } >>> if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { >>> int res = run_change("add", &c, dbi.id, sizeof( >>> dbi.id)); >>> if (res == -1) >>> goto out; >>> sockaddr_snprintf(rbuf, sizeof(rbuf), "%a", >>> (void *)&rss); >>> (*lfun)(LOG_INFO, >>> "blocked %s/%d:%d for %d seconds", >>> rbuf, c.c_lmask, c.c_port, c.c_duration); >>> >>> } >>> break; >>> >>> But if the 'add' command via blacklistd-helper fails, it will never add >>> the 1 .. I'm not certain about this, but it could explain what you see, >>> although I can't discern whether sshd is reporting BL_ADD or BL_ABUSE. >>> >>> You might instead try MaxAuthTries 4 .. 
sshd_config(5) says: >>> >>> MaxAuthTries >>> Specifies the maximum number of authentication attempts >>> permitted >>> per connection. Once the number of failures reaches half >>> this >>> value, additional failures are logged. The default is 6. >>> >>> Half of 3 as an integer is only 1, but half of 4 is 2. See if it helps? >>> >> >> I didnt change the MaxAuthTries, since I found something interesting from >> the different logs concerning that issue: >> >> From blacklistctl dump: >> >> $ sudo blacklistctl dump >> address/ma:port id nfail last access >> 78.203.146.34/32:22 0/1 1970/01/01 01:00:00 >> 195.225.116.21/32:22 0/1 1970/01/01 01:00:00 >> 123.31.26.123/32:22 0/1 1970/01/01 01:00:00 >> 112.148.101.13/32:22 0/1 1970/01/01 01:00:00 >> 93.23.6.18/32:22 0/1 1970/01/01 01:00:00 >> 5.102.197.124/32:22 0/1 1970/01/01 01:00:00 >> 193.154.127.32/32:22 0/1 1970/01/01 01:00:00 >> 113.232.216.41/32:22 0/1 1970/01/01 01:00:00 >> >> From sshd log: >> >> Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32 >> Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32 >> Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi >> [preauth] >> Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi >> [preauth] >> ... 
>> Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123
>> Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user support [preauth]
>> Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>> Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123
>> Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user admin [preauth]
>> Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>> Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123
>> Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user admin [preauth]
>> Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>> Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123
>> Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user ubnt [preauth]
>> Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>> Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from 123.31.26.123
>> Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user PlcmSpIp [preauth]
>> Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>> Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123
>> Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user admin [preauth]
>> Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> I see 2 problems:
>>
>> Problem 1:
>> The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it
>> tried only 2 times.
>> But in my opinion it should be recorded to blacklistd as 2/1 instead of
>> 0/1.
>>
>> Problem 2:
>> The IP 123.31.26.123 was trying to use different user name to login more
>> than 3 times. it was also recorded in blacklistd as 0/1.
>>
>> In my opinion the above 2 all should be banned by blacklistd.
>>
>>
>>>
>>> > I am trying to find out the reason from log but I don't know how to see
>>> > blacklistd log. man page said that is to syslogd but what the facility it
>>> > is? or some other ways to get out log?
>>>
>>> Not sure of the facility but when using the -v switch, as you have been,
>>> logging goes to stderr instead of syslog. Without -v you should see it
>>> logging to /var/log/messages. If not, try adding to /etc/syslog.conf:
>>>
>>> !blacklistd
>>> *.*     /var/log/myblacklistd.log
>>>
>>> then '# touch /var/log/myblacklistd.log && service syslogd restart'
>>>
>>
>> Unfortunately I started the logging later than Nov 11 03:50:57, so I
>> didn't get the log of "0/1" records yet.
>>
>
>
> got the log for one new "0/1" entry:
>
> $ sudo blacklistctl dump
>         address/ma:port  id  nfail  last access
>       24.7.90.146/32:22      0/1    1970/01/01 01:00:00
> ...
>
> $ sudo cat auth.log | grep 24.7.90.146
> Nov 14 02:13:58 res sshd[6212]: Invalid user pi from 24.7.90.146
> Nov 14 02:13:58 res sshd[6215]: Invalid user pi from 24.7.90.146
> Nov 14 02:13:59 res sshd[6215]: Connection closed by 24.7.90.146 port 34746 [preauth]
> Nov 14 02:13:59 res sshd[6212]: Connection closed by 24.7.90.146 port 34742 [preauth]
>
> $ cat myblacklistd.log | grep 'Nov 14'
> ...
> Nov 14 02:09:11 res blacklistd[5590]: blocked 202.51.74.55/32:22 for -1 seconds
> Nov 14 02:11:06 res blacklistd[5590]: rule exists OK
> Nov 14 02:11:06 res blacklistd[5590]: blocked 202.51.74.55/32:22 for -1 seconds
> Nov 14 02:14:43 res blacklistd[5590]: blocked 66.232.147.46/32:22 for -1 seconds
> Nov 14 02:16:40 res blacklistd[5590]: rule exists OK
>
> could not see operation against that IP from blacklistd.log
>
>
>>
>>
>>>
>>> Ok, problems with blacklistd-helper; the first bit verbatim, tabs lost:
>>>
>>> #!/bin/sh
>>> #echo "run $@" 1>&2
>>> #set -x
>>> # $1 command
>>> # $2 rulename
>>> # $3 protocol
>>> # $4 address
>>> # $5 mask
>>> # $6 port
>>> # $7 id
>>>
>>> pf=
>>> if [ -f "/etc/ipfw-blacklist.rc" ]; then
>>> pf="ipfw"
>>> . /etc/ipfw-blacklist.rc
>>> ipfw_offset=${ipfw_offset:-2000}
>>> fi
>>>
>>> if [ -z "$pf" ]; then
>>> for f in npf pf ipf; do
>>> if [ -f "/etc/$f.conf" ]; then
>>> pf="$f"
>>> break
>>> fi
>>> done
>>> fi
>>>
>>> if [ -z "$pf" ]; then
>>> echo "$0: Unsupported packet filter" 1>&2
>>> exit 1
>>> fi
>>>
>>> Earlier you said you'd run it without /etc/ipfw-blacklist.rc existing.
>>> In that case - UNLESS you had either /etc/pf.conf or /etc/ipf.conf lying
>>> around from before? it should have failed with 'exit 1' .. though it's
>>> not clear from browsing the code that even that would cause it to quit.
>>>
>>
>> No, there are not /etc/pf.conf and /etc/ipf.conf.
>>
>>
>>>
>>> So once /etc/ipfw-blacklist.rc exists, that's a flag indicating you
>>> intend using ipfw, however there's NO check that ipfw is running ..
>>>
>>> Then - ignoring the pf) and ipf) sections - though I suspect they'd have
>>> the same issue unless really running - here's the ipfw add bit, no tabs:
>>>
>>> add)
>>> case "$pf" in
>>> [..]
>>> ipfw)
>>> # use $ipfw_offset+$port for rule number
>>> rule=$(($ipfw_offset + $6))
>>> tname="port$6"
>>> /sbin/ipfw table $tname create type addr 2>/dev/null
>>>
>>> Unless ipfw is running, enabled, that will fail - silently.
>>>
>>> /sbin/ipfw -q table $tname add "$addr/$mask"
>>>
>>> Ditto, perhaps with a message to stderr - that's simply ignored.
>>>
>>> # if rule number $rule does not already exist, create it
>>> /sbin/ipfw show $rule >/dev/null 2>&1 || \
>>> /sbin/ipfw add $rule drop $3 from \
>>> table"("$tname")" to any dst-port $6 >/dev/null && \
>>> echo OK
>>> ;;
>>>
>>> When both of these ipfw commands also fail, it'll only fail to echo OK.
>>>
>>> Not that failing to echo OK seems to matter to the calling code, but
>>> the OK is kept as 'id' which is passed to the rem)ove code, but is
>>> unused except by the npf firewall .. 'netbsd packet filter' I guess.
>>>
>>> I can certainly suggest patches for at least the ipfw sections - and
>>> really, if the introductory code checks ipfw is working that should be
>>> enough - but I'm unsure whether 'exit 1' after an error message is all
>>> that's needed to get blacklistd to whinge loudly and refuse to continue?
>>>
>>> This should be turned into a PR via bugzilla, but since I'm not running
>>> 11.x here, I can only really contribute if you do so and add me as a cc.
>>>
>>
>> Sorry I don't know how to describe the problem in bugzilla since I don't
>> really understand what you said.
>> I have to learn more about the script :)
>>
>>
>>>
>>> Please try to avoid top-posting on replies, thanks.
>>
>>
>> Sure, I will.
>>
>>
>>>
>>> cheers, Ian
>>>
>>
>>
>>
>> --
>> with kind regards
>>
>
>
>
> --
> with kind regards
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Tue Nov 14 15:24:47 2017
From: Frank Leonhardt
Date: Tue, 14 Nov 2017 15:24:32 +0000
To: "freebsd-questions@freebsd.org"
Subject: portsnap fails if not root

Is there any reason why portsnap has to run as root? If you specify
alternative ports dir and db dir using -p and -d, it should download
and unpack stuff in home directory.

Trouble is that it gets the tag, and starts fetching Metadata, but
terminates with no message before it prints ..done. Not even a /n.

Anyone know why before I start digging?

Thanks, Frank.

From owner-freebsd-questions@freebsd.org Tue Nov 14 15:40:19 2017
From: Carmel NY
Date: Tue, 14 Nov 2017 15:40:17 +0000
To: FreeBSD
Subject: Re: Updating Instructions

On Tue, 14 Nov 2017 13:20:56 +0000, RW via freebsd-questions stated:

>Have you any particular reason to think they are needed? There are no
>such instructions for updating with pkg and that's what synth uses
>after building local packages.

Actually, from time to time there are:

(1) 20171107
(2) 20171006
(3) 20170808
(4) 20170807
(5) 20170721

Those are just a few. I agree that it is not as well documented as
"portmaster" or "portupgrade" though.

--
Carmel

From owner-freebsd-questions@freebsd.org Tue Nov 14 15:44:19 2017
From: Matt Smith
Date: Tue, 14 Nov 2017 15:44:13 +0000
To: FreeBSD
Subject: Re: Updating Instructions

On Nov 14 15:40, Carmel NY wrote:
>On Tue, 14 Nov 2017 13:20:56 +0000, RW via freebsd-questions stated:
>
>>Have you any particular reason to think they are needed? There are no
>>such instructions for updating with pkg and that's what synth uses
>>after building local packages.
>
>Actually, from time to time there are:
>
>(1) 20171107
>(2) 20171006
>(3) 20170808
>(4) 20170807
>(5) 20170721
>
>Those are just a few. I agree that it is not as well documented as
>"portmaster" or "portupgrade" though.
>

This is most likely because pkg, poudriere, and synth are all "clean
room build/install" tools and should just do the correct thing by
default without any intervention required. Whereas portmaster and
portupgrade don't run inside any chroot or jail environments and are
directly affected by things being found in the build host. A lot of the
time this requires manual intervention, uninstalling things, moving
things out the way etc. before you can do an upgrade. You just simply
don't need to do that with the clean-room tools.

--
Matt

From owner-freebsd-questions@freebsd.org Tue Nov 14 15:50:10 2017
From: "Frank Leonhardt (m)"
Date: Tue, 14 Nov 2017 15:49:52 +0000
To: "freebsd-questions@freebsd.org"
Subject: Re: portsnap fails if not root

On 14 November 2017 15:24:32 GMT+00:00, Frank Leonhardt wrote:
>Is there any reason why portsnap has to run as root? If you specify
>alternative ports dir and db dir using -p and -d, it should download
>and unpack stuff in home directory.
>
>Trouble is that it gets the tag, and starts fetching Metadata, but
>terminates with no message before it prints ..done. Not even a /n.
>
>Anyone know why before I start digging?

Okay, portsnap is just a shell script. Fetch fails and it just bombs.
Will have a fix soon...

--
Sent from my Cray X/MP with small fiddling keyboard.

From owner-freebsd-questions@freebsd.org Tue Nov 14 17:04:30 2017
From: "James B. Byrne"
Date: Tue, 14 Nov 2017 12:04:19 -0500
To: freebsd-questions@freebsd.org
Subject: why does freebsd-update and uname report different patch levels?

We have recently completed upgrading all of our freebsd-11 systems to
11.1. Now when we run freebsd-update fetch we see this:

# freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 11.1-RELEASE-p3.

However, when we do 'uname -a' on the same system then we see this:

FreeBSD inet13.hamilton.harte-lyne.ca 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug 9 11:55:48 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

Why is there a difference in the reported patch level of the same system?

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne          mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited    http://www.harte-lyne.ca
9 Brockley Drive        vox: +1 905 561 1241
Hamilton, Ontario       fax: +1 905 561 0757
Canada L8E 3C3

From owner-freebsd-questions@freebsd.org Tue Nov 14 17:12:26 2017
From: andrew clarke
Date: Wed, 15 Nov 2017 04:12:16 +1100
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: why does freebsd-update and uname report different patch levels?

On Tue 2017-11-14 12:04:19 UTC-0500, James B. Byrne via freebsd-questions (freebsd-questions@freebsd.org) wrote:

> We have recently completed upgrading all of our freebsd-11 systems to
> 11.1. Now when we run freebsd-update fetch we see this:
>
> # freebsd-update fetch
> src component not installed, skipped
> Looking up update.FreeBSD.org mirrors... 3 mirrors found.
> Fetching metadata signature for 11.1-RELEASE from update5.freebsd.org... done.
> Fetching metadata index... done.
> Fetching 2 metadata patches.. done.
> Applying metadata patches... done.
> Fetching 2 metadata files... done.
> Inspecting system... done.
> Preparing to download files... done.
>
> No updates needed to update system to 11.1-RELEASE-p3.
> > However, when we do 'uname -a' on the same system then we see this: > > FreeBSD inet13.hamilton.harte-lyne.ca 11.1-RELEASE-p1 FreeBSD > 11.1-RELEASE-p1 #0: Wed Aug 9 11:55:48 UTC 2017 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > Why is there a difference in the reported patch level of the same system? 'uname -a' shows the version of the currently running kernel. 'freebsd-version -k' shows the version of the installed kernel. 'freebsd-version -u' shows the version of the installed userland. Often freebsd-update does not to patch the kernel. It is normal to see the kernel and userland at different patch levels. From owner-freebsd-questions@freebsd.org Tue Nov 14 17:14:10 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D5E4DD7DC6 for ; Tue, 14 Nov 2017 17:14:10 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mailrelay14.qsc.de (mailrelay14.qsc.de [212.99.163.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.antispameurope.com", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D87CA66860 for ; Tue, 14 Nov 2017 17:14:09 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de ([213.148.129.14]) by mailrelay14.qsc.de; Tue, 14 Nov 2017 18:14:00 +0100 Received: from r56.edvax.de (port-92-195-23-159.dynamic.qsc.de [92.195.23.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id E37C63CBF9; Tue, 14 Nov 2017 18:13:59 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id vAEHDw0u002397; Tue, 14 Nov 2017 18:13:58 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Tue, 14 Nov 2017 18:13:58 +0100 From: Polytropon To: 
byrnejb@harte-lyne.ca Cc: "James B. Byrne via freebsd-questions" Subject: Re: why does freebsd-update and uname report different patch levels? Message-Id: <20171114181358.cb19a85d.freebsd@edvax.de> In-Reply-To: <4432633d41c0c5fcf575fdae0af60245.squirrel@webmail.harte-lyne.ca> References: <4432633d41c0c5fcf575fdae0af60245.squirrel@webmail.harte-lyne.ca> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-cloud-security-sender: freebsd@edvax.de X-cloud-security-recipient: freebsd-questions@freebsd.org X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mailrelay14.qsc.de with 5832C683456 X-cloud-security-connect: mx01.qsc.de[213.148.129.14], TLS=1, IP=213.148.129.14 X-cloud-security: scantime:.1466 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 17:14:10 -0000 On Tue, 14 Nov 2017 12:04:19 -0500, James B. Byrne via freebsd-questions wrote: > We have recently completed upgrading all of our freebsd-11 systems to > 11.1. Now when we run freebsd-update fetch we see this: > > # freebsd-update fetch > src component not installed, skipped > Looking up update.FreeBSD.org mirrors... 3 mirrors found. > Fetching metadata signature for 11.1-RELEASE from > update5.freebsd.org... done. > Fetching metadata index... done. > Fetching 2 metadata patches.. done. > Applying metadata patches... done. > Fetching 2 metadata files... done. > Inspecting system... done. > Preparing to download files... done. > > No updates needed to update system to 11.1-RELEASE-p3. 
> > However, when we do 'uname -a' on the same system then we see this: > > FreeBSD inet13.hamilton.harte-lyne.ca 11.1-RELEASE-p1 FreeBSD > 11.1-RELEASE-p1 #0: Wed Aug 9 11:55:48 UTC 2017 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > Why is there a difference in the reported patch level of the same system? The patch level only reflects the updates to the kernel. If an update only contains changes to the userland (and the kernel stays untouched), its version won't be changed. As the "uname" command gets its information from the kernel, userland changes cannot be made visible that way. This is where the "freebsd-version" command is useful. See "man uname" and "man freebsd-version" for details. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Tue Nov 14 17:21:47 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51452DD848C for ; Tue, 14 Nov 2017 17:21:47 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 1DE3866E13 for ; Tue, 14 Nov 2017 17:21:46 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 7A5D962421; Tue, 14 Nov 2017 12:21:45 -0500 (EST) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TI40VV8ql8OL; Tue, 14 Nov 2017 12:21:43 -0500 (EST) Received: from 
webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 3270962365; Tue, 14 Nov 2017 12:21:43 -0500 (EST) Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Tue, 14 Nov 2017 12:21:43 -0500 Message-ID: <4302cc3472ba357bb308d0319270ef36.squirrel@webmail.harte-lyne.ca> In-Reply-To: <20171114181358.cb19a85d.freebsd@edvax.de> References: <4432633d41c0c5fcf575fdae0af60245.squirrel@webmail.harte-lyne.ca> <20171114181358.cb19a85d.freebsd@edvax.de> Date: Tue, 14 Nov 2017 12:21:43 -0500 Subject: Re: why does freebsd-update and uname report different patch levels? From: "James B. Byrne" To: "Polytropon" Cc: freebsd-questions@freebsd.org Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 17:21:47 -0000 On Tue, November 14, 2017 12:13, Polytropon wrote: > The patch level only reflects the updates to the kernel. If > an update only contains changes to the userland (and the > kernel stays untouched), its version won't be changed. As > the "uname" command gets its information from the kernel, > userland changes cannot be made visible that way. This is > where the "freebsd-version" command is useful. > > See "man uname" and "man freebsd-version" for details. > > Thank you. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. 
Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 From owner-freebsd-questions@freebsd.org Tue Nov 14 17:22:12 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0F07DD853C for ; Tue, 14 Nov 2017 17:22:12 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from cdptpa-cmomta01.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 6C1A566F13 for ; Tue, 14 Nov 2017 17:22:11 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from raspberrypi.bildanet.com ([65.186.81.207]) by cmsmtp with ESMTP id EesCe9zD0s0jREesFeIEOv; Tue, 14 Nov 2017 17:19:47 +0000 Received: from [192.168.1.143] by raspberrypi.bildanet.com with esmtp (Exim 4.84) (envelope-from ) id 1eEeuP-0006K6-Qb for freebsd-questions@freebsd.org; Tue, 14 Nov 2017 17:22:01 +0000 Subject: Re: Updating Instructions To: freebsd-questions@freebsd.org References: <34bd4349-0215-5341-3f32-b8d21afbde99@columbus.rr.com> From: Baho Utot Message-ID: <37646a67-b5b0-f592-29d6-88cf363227fe@columbus.rr.com> Date: Tue, 14 Nov 2017 12:21:55 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-CMAE-Envelope: MS4wfO/R+ZRXieedQA2ZUXBKCHEEBE1GUxOXT/tg/Z/c0HswJ4ex+m/qVAMRX40iSY6/239N0fcHXhhlNHBi6G7kGTSqzElZw1WVwICILpeEKINqR4ihMZFE Fxsq6cZqjyCFND7dwsu7HJlnic1YBA26kWnfXQmCL7khed6grRCw376X/WmNmApCykXusThIPfG0dw== X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 
Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 17:22:12 -0000 On 11/14/2017 8:00 AM, Arthur Chance wrote: > On 14/11/2017 12:47, Baho Utot wrote: >> >> On 11/14/17 03:29, Carmel NY wrote: >>> Out of morbid curiosity, I was just wondering why instructions for >>> updating a >>> moved or discontinued port are never posted for "synth", like they are >>> for >>> "portupgrade" or "portmaster" in the UPDATING file? An example would >>> be the >>> recent 20171112 change in the devel/oniguruma* port. >>> >> >> I think it is because synth is a bads word around here > More likely that very few of us knew about it. This thread was the first > time I heard of it. I've been using poudriere since shortly after it > came out, and it works fine for me. > Then you must have missed the Dam Marino fallout From owner-freebsd-questions@freebsd.org Tue Nov 14 17:23:41 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27489DD870F for ; Tue, 14 Nov 2017 17:23:41 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from cdptpa-cmomta01.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E53CE671DE for ; Tue, 14 Nov 2017 17:23:40 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from raspberrypi.bildanet.com ([65.186.81.207]) by cmsmtp with ESMTP id EetieADtTs0jREetleIFkp; Tue, 14 Nov 2017 17:21:21 +0000 Received: from [192.168.1.143] by raspberrypi.bildanet.com with esmtp (Exim 4.84) (envelope-from ) id 1eEevv-0006KJ-W1 for freebsd-questions@freebsd.org; Tue, 14 Nov 2017 17:23:36 +0000 Subject: Re: Updating Instructions To: 
freebsd-questions@freebsd.org References: <34bd4349-0215-5341-3f32-b8d21afbde99@columbus.rr.com> From: Baho Utot Message-ID: <7b34601d-614d-73a5-c660-1b1eb41b85ec@columbus.rr.com> Date: Tue, 14 Nov 2017 12:23:29 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-CMAE-Envelope: MS4wfKIIpJWatdGLVfRSzMu5Nn0R09LL6dYGQEQzQd/l+1WIRN2uQMsDuJ1CZRMgm93Os4M2s1H1EU5UwjmJMl7dL8HchLzDqH/BoIOFQZQnAoMhciLKOo7c p9Lra5wagW9hNSsxFWNQFtONADDOSKYUFLj0XdbwMyUqwVMIMLyUM1m5Cdw8YIoM1QT6nXoXqjCm7FQwq9YN/SwKQ6bGtERfBg0= X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 17:23:41 -0000 On 11/14/2017 8:22 AM, Carmel NY wrote: > On Tue, 14 Nov 2017 13:00:40 +0000, Arthur Chance stated: > >> On 14/11/2017 12:47, Baho Utot wrote: >>> >>> On 11/14/17 03:29, Carmel NY wrote: >>>> Out of morbid curiosity, I was just wondering why instructions for >>>> updating a >>>> moved or discontinued port are never posted for "synth", like they are >>>> for >>>> "portupgrade" or "portmaster" in the UPDATING file? An example would >>>> be the >>>> recent 20171112 change in the devel/oniguruma* port. >>>> >>> >>> I think it is because synth is a bads word around here >> More likely that very few of us knew about it. This thread was the first >> time I heard of it. I've been using poudriere since shortly after it >> came out, and it works fine for me. >> > Personally, I consider "poudriere" over kill for the average user, especially > a user who is using FreeBSD on a single PC or laptop. > > I realize that the updates needed to run synth on FreeBSD-12 are not in place, > and perhaps never will be. 
In that case, I will be happy to stay with my > present system or switch to a different OS. > Ditto that for me From owner-freebsd-questions@freebsd.org Tue Nov 14 17:30:04 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CAD6EDD8950 for ; Tue, 14 Nov 2017 17:30:04 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from cdptpa-cmomta01.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8E3D9673C3 for ; Tue, 14 Nov 2017 17:30:03 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from raspberrypi.bildanet.com ([65.186.81.207]) by cmsmtp with ESMTP id EezteB9KNs0jREezweIKsj; Tue, 14 Nov 2017 17:27:45 +0000 Received: from [192.168.1.143] by raspberrypi.bildanet.com with esmtp (Exim 4.84) (envelope-from ) id 1eEf27-0006KX-2K for freebsd-questions@freebsd.org; Tue, 14 Nov 2017 17:29:59 +0000 Subject: Re: Updating Instructions To: freebsd-questions@freebsd.org References: <20171114132056.2e1122f8@gumby.homeunix.com> <20171114154413.GA57677@gmail.com> From: Baho Utot Message-ID: <81090cac-6f93-7262-4986-44e7512492cf@columbus.rr.com> Date: Tue, 14 Nov 2017 12:29:55 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20171114154413.GA57677@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-CMAE-Envelope: MS4wfDsktl0Ikh71Q4sVqdSB6UAT8jwZJTwMllUx/ZfDcb/YocnGVyb08510H3lmEL5299yeEXToBENoBXbW+/JNVnqduwdpt9p5NG/nABWxbHkshOoUuV/j wtt3+R1B2lWi7wMWvMZnoRUSwmM2t0RnWaxgJjzvJ9nlwPfUnxrkfDoB38Ssj6aOh77Z5AogapyU9ZtpHy2/MyCClVKd3ATlRzg= X-BeenThere: freebsd-questions@freebsd.org 
X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 17:30:04 -0000 On 11/14/2017 10:44 AM, Matt Smith wrote: > On Nov 14 15:40, Carmel NY wrote: >> On Tue, 14 Nov 2017 13:20:56 +0000, RW via freebsd-questions stated: >> >>> Have you any particular reason to think they are needed? There are no >>> such instructions for updating with pkg and that's what synth uses >>> after building local packages. >> >> Actually, from time to time there are: >> >> (1) 20171107 >> (2) 20171006 >> (3) 20170808 >> (4) 20170807 >> (5) 20170721 >> >> Those are just a few. I agree that it is not as well documented as >> "portmaster" or "portupgrade" though. >> > > This is most likely because pkg, poudriere, and synth are all "clean > room build/install" tools and should just do the correct thing by > default without any intervention required. Whereas portmaster and > portupgrade don't run inside any chroot or jail environments and are > directly affected by things being found in the build host. > > A lot of the time this requires manual intervention, uninstalling > things, moving things out the way etc. before you can do an upgrade. > > You just simply don't need to do that with the clean-room tools. 
> Unless the base system has a negative influance upon the port in question From owner-freebsd-questions@freebsd.org Tue Nov 14 17:30:12 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A63CDD8975 for ; Tue, 14 Nov 2017 17:30:12 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id DA84467405 for ; Tue, 14 Nov 2017 17:30:11 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: by be-well.ilk.org (Postfix, from userid 1147) id A771333C24; Tue, 14 Nov 2017 12:30:08 -0500 (EST) From: Lowell Gilbert To: "James B. Byrne via freebsd-questions" Cc: "Polytropon" , byrnejb@harte-lyne.ca Subject: Re: why does freebsd-update and uname report different patch levels? References: <4432633d41c0c5fcf575fdae0af60245.squirrel@webmail.harte-lyne.ca> <20171114181358.cb19a85d.freebsd@edvax.de> <4302cc3472ba357bb308d0319270ef36.squirrel@webmail.harte-lyne.ca> Date: Tue, 14 Nov 2017 12:30:08 -0500 In-Reply-To: <4302cc3472ba357bb308d0319270ef36.squirrel@webmail.harte-lyne.ca> (James B. Byrne via freebsd-questions's message of "Tue, 14 Nov 2017 12:21:43 -0500") Message-ID: <44r2t0lqe7.fsf@be-well.ilk.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 17:30:12 -0000 Note that this is documented in freebsd-update section of the Handbook. 
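
Added example (not part of any message in this thread, and not FreeBSD project code): a shell check that applies the distinction drawn in the replies above, comparing the running kernel (`uname -r`), the installed kernel (`freebsd-version -k`) and the userland (`freebsd-version -u`), so that a host whose patched kernel is installed but not yet booted is flagged. The function names are hypothetical, and the sample values for the installed kernel and userland are constructed, since the thread quotes only the `uname -a` and `freebsd-update` output.

```shell
#!/bin/sh
# Added example: patch-state check built on the three version sources
# named in the thread. Function names are hypothetical.

# patch_level VERSION: print N from a trailing "-pN", or 0 when absent.
patch_level() {
    case "$1" in
        *-p*) pl_n=${1##*-p} ;;
        *)    pl_n=0 ;;
    esac
    case "$pl_n" in
        ''|*[!0-9]*) pl_n=0 ;;   # suffix was not a plain number
    esac
    printf '%s\n' "$pl_n"
}

# release_base VERSION: print VERSION without its "-pN" suffix.
release_base() {
    printf '%s\n' "${1%-p[0-9]*}"
}

# kernel_state RUNNING INSTALLED: compare `uname -r` with
# `freebsd-version -k` and print one status word.
kernel_state() {
    if [ "$1" = "$2" ]; then
        echo current
    elif [ "$(release_base "$1")" != "$(release_base "$2")" ]; then
        echo release-differs
    elif [ "$(patch_level "$1")" -lt "$(patch_level "$2")" ]; then
        # A newer kernel is on disk but the old one is still executing.
        echo reboot-pending
    else
        echo running-newer
    fi
}

# meets_minimum VERSION MINIMUM: succeed when both are the same release
# and VERSION's patch level is at least MINIMUM's.
meets_minimum() {
    if [ "$(release_base "$1")" != "$(release_base "$2")" ]; then
        return 1
    fi
    [ "$(patch_level "$1")" -ge "$(patch_level "$2")" ]
}

# report RUNNING KERNEL USERLAND TARGET: one line per finding.
report() {
    echo "running kernel   : $1"
    echo "installed kernel : $2 ($(kernel_state "$1" "$2"))"
    if meets_minimum "$3" "$4"; then
        echo "userland         : $3 (meets $4)"
    else
        echo "userland         : $3 (below $4)"
    fi
}

if command -v freebsd-version >/dev/null 2>&1; then
    # Live FreeBSD host: optional $1 is the required level, for example
    # the one freebsd-update names; defaults to the installed userland.
    report "$(uname -r)" "$(freebsd-version -k)" "$(freebsd-version -u)" \
        "${1:-$(freebsd-version -u)}"
else
    # Constructed sample: running kernel and target are the strings quoted
    # in the thread; installed kernel and userland values are assumed.
    report "11.1-RELEASE-p1" "11.1-RELEASE-p1" \
        "11.1-RELEASE-p3" "11.1-RELEASE-p3"
fi
```

A `reboot-pending` result is the case `uname` alone cannot distinguish from a userland-only update: the installed kernel is newer than the one executing.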
From owner-freebsd-questions@freebsd.org Tue Nov 14 17:48:08 2017
Date: Tue, 14 Nov 2017 17:47:55 +0000
From: Arthur Chance
To: Baho Utot , FreeBSD-Questions
Subject: Re: Updating Instructions
Message-ID: <3aca1c7f-63ad-80a1-824f-4d04872b7d7a@qeng-ho.org>
In-Reply-To: <37646a67-b5b0-f592-29d6-88cf363227fe@columbus.rr.com>
References: <34bd4349-0215-5341-3f32-b8d21afbde99@columbus.rr.com>
 <37646a67-b5b0-f592-29d6-88cf363227fe@columbus.rr.com>

On 14/11/2017 17:21, Baho Utot wrote:
>
> On 11/14/2017 8:00 AM, Arthur Chance wrote:
>> On 14/11/2017 12:47, Baho Utot wrote:
>>>
>>> On 11/14/17 03:29, Carmel NY wrote:
>>>> Out of morbid curiosity, I was just wondering why instructions for
>>>> updating a moved or discontinued port are never posted for "synth",
>>>> like they are for "portupgrade" or "portmaster" in the UPDATING
>>>> file? An example would be the recent 20171112 change in the
>>>> devel/oniguruma* port.
>>>>
>>>
>>> I think it is because synth is a bad word around here
>> More likely that very few of us knew about it. This thread was the first
>> time I heard of it. I've been using poudriere since shortly after it
>> came out, and it works fine for me.
>>
>
> Then you must have missed the Dam Marino fallout

I think you mean John Marino, Dan Marino was quarterback for the Miami
Dolphins in the mid 80s. And yes, I knew nothing about it until Googling
just now. I vaguely remember some spat about someone breaking the code
of conduct, but I've got enough to do in my life without following
things which aren't relevant to me. Time gets shorter the older I get.

--
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

From owner-freebsd-questions@freebsd.org Tue Nov 14 18:11:27 2017
Date: Tue, 14 Nov 2017 11:41:41 -0600 (CST)
From: "Valeri Galtsev"
To: "FreeBSD"
Subject: Re: Updating Instructions
Message-ID: <24631.128.135.52.6.1510681301.squirrel@cosmo.uchicago.edu>
References: <34bd4349-0215-5341-3f32-b8d21afbde99@columbus.rr.com>
Reply-To: galtsev@kicp.uchicago.edu

On Tue, November 14, 2017 7:22 am, Carmel NY wrote:
> On Tue, 14 Nov 2017 13:00:40 +0000, Arthur Chance stated:
>
>>On 14/11/2017 12:47, Baho Utot wrote:
>>>
>>>
>>> On 11/14/17 03:29, Carmel NY wrote:
>>>> Out of morbid curiosity, I was just wondering why instructions for
>>>> updating a moved or discontinued port are never posted for "synth",
>>>> like they are for "portupgrade" or "portmaster" in the UPDATING
>>>> file? An example would be the recent 20171112 change in the
>>>> devel/oniguruma* port.
>>>>
>>>
>>>
>>> I think it is because synth is a bad word around here
>>
>>More likely that very few of us knew about it. This thread was the first
>>time I heard of it. I've been using poudriere since shortly after it
>>came out, and it works fine for me.
>>
>
> Personally, I consider "poudriere" overkill for the average user,
> especially a user who is using FreeBSD on a single PC or laptop.

In the past I was always told to do port or package part installation and
update one of two mutually exclusive ways:

1. build stuff on your machine in ports (and for update use something
   that will rebuild all that has to be rebuilt, like
   portupgrade/portdowngrade)

2. go with prebuilt packages, e.g. use (exclusively) pkg to install and
   update/upgrade everything but base system

The reason for that I understand is: when you build ports, you may have
changed some of the configuration settings, then dependencies may (or
must) be rebuilt and installed in accordance with that, hence having them
coming from pkg will potentially make a mess for you.

That is where poudriere comes into play with me:

1. I do need some ports (or rather packages) built with different options
   than those that come from pkg repository

2. I do like to do updates on multiple boxes using pkg (thus building
   stuff only once if necessary)

3. I do like the intelligence of poudriere, having poudriere in your pkg
   config brings only stuff that is in your poudriere repository from it,
   and the rest of necessary packages from central pkg repository.

The only thing you have to keep in mind, if you need several different
sets of build options for some package, you will have to have a set of
different poudriere repositories, one for each of these different sets of
build options. Well, one cannot have everything I guess.

So, as someone already mentioned, poudriere builds stuff in a clean
environment, thus you can rely on the result. Is it overkill if you just
maintain one single machine? Well, if you maintain the machine in a
decently clean way, that is there are no leftovers of libraries, headers
etc that will not be found on a freshly installed system, then you are
safe using just port builds (and going with some tools like
portupgrade/portdowngrade). However, if you have leftovers of
libraries/headers, not cleaned after upgrade of major release, or if you
have some stuff built outside of ports, but installed with the same
/usr/local prefix, then you take a chance to get surprises, and may end
up asking experts on this list (mind that I am not one of the experts ;-)
for help, and even experts may have a hard time resolving the trouble.

I hope, this helps. Again, this comes not from an expert, just from
someone who sort of found one's way to maintain a bunch of FreeBSD boxes
(with help of experts who post to this list).

Valeri

>
> I realize that the updates needed to run synth on FreeBSD-12 are not in
> place, and perhaps never will be. In that case, I will be happy to stay
> with my present system or switch to a different OS.
>
> --
> Carmel
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-questions@freebsd.org Tue Nov 14 21:05:20 2017
Date: Tue, 14 Nov 2017 16:05:17 -0500
From: Ernie Luzar
To: "freebsd-questions@freebsd.org" , "ports@FreeBSD.org"
Subject: Makefile RUN_DEPENDS= option
Message-ID: <5A0B5A8D.107@gmail.com>

Have a simple port that needs wget to work.

I want RUN_DEPENDS to first check if wget is already installed, IE: is
the running executable in the search path whether installed as a
compiled port or installed as a package and if so bypass any more wget
processing. If running executable not found then to auto install using
pkg version and if not found there to do port compile method.

How would I code that?
From owner-freebsd-questions@freebsd.org Tue Nov 14 21:15:48 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D6D27DDE483; Tue, 14 Nov 2017 21:15:48 +0000 (UTC) (envelope-from adamw@adamw.org) Received: from apnoea.adamw.org (apnoea.adamw.org [104.225.5.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "apnoea.adamw.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 78E226FF22; Tue, 14 Nov 2017 21:15:48 +0000 (UTC) (envelope-from adamw@adamw.org) Received: by apnoea.adamw.org (OpenSMTPD) with ESMTPSA id 7e92c32b TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO; Tue, 14 Nov 2017 14:15:41 -0700 (MST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\)) Subject: Re: Makefile RUN_DEPENDS= option From: Adam Weinberger In-Reply-To: <5A0B5A8D.107@gmail.com> Date: Tue, 14 Nov 2017 14:15:39 -0700 Cc: "freebsd-questions@freebsd.org" , "ports@FreeBSD.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <5A0B5A8D.107@gmail.com> To: Ernie Luzar X-Mailer: Apple Mail (2.3445.4.7) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 21:15:48 -0000 > On 14 Nov, 2017, at 14:05, Ernie Luzar wrote: >=20 > Have a simple port that needs wget to work. >=20 > I want RUN_DEPENDS to first check if wget is already installed, IE: is = the running executable in the search path whether installed as a = compiled port or installed as a package and if so bypass any more wget = processing. 
> If running executable not found then to auto install using pkg version and if not found there to do port compile method.
>
> How would I code that?

That won't work. Ports are built in poudriere, and poudriere expects a clean system. If you don't depend on wget, wget will NEVER be available.

Additionally, network access is explicitly disabled for everything except the fetch target, so you can't rely on wget doing anything.

# Adam

--
Adam Weinberger
adamw@adamw.org
https://www.adamw.org

From owner-freebsd-questions@freebsd.org Tue Nov 14 23:24:40 2017
From: Ernie Luzar
Date: Tue, 14 Nov 2017 18:24:39 -0500
To: "ports@FreeBSD.org", "freebsd-questions@freebsd.org"
Subject: how to code Makefile to add script to periodic/daily

Searched the porters handbook and can not find any info about how to code the Makefile for adding a file to /usr/local/etc/periodic/daily directory. Was hoping for a canned macro but no joy.

Can someone please point me to documentation or provide an example.

Thanks

From owner-freebsd-questions@freebsd.org Tue Nov 14 23:44:12 2017
From: Bryan Drewery
Date: Tue, 14 Nov 2017 15:44:03 -0800
To: Ernie Luzar, "ports@FreeBSD.org", "freebsd-questions@freebsd.org"
Subject: Re: how to code Makefile to add script to periodic/daily

On 11/14/2017 3:24 PM, Ernie Luzar wrote:
> Searched the porters handbook and can not find any info about how to
> code the Makefile for adding a file to /usr/local/etc/periodic/daily
> directory. Was hoping for a canned macro but no joy.
>
> Can someone please point me to documentation or provide an example.
>
> Thanks

It's just a file, nothing too special needed.

    ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/daily
    ${INSTALL_SCRIPT} ${WRKSRC}/40.blah ${STAGEDIR}${PREFIX}/etc/periodic/daily/

pkg-plist:

    etc/periodic/daily/40.blah

--
Regards,
Bryan Drewery
bdrewery@freenode/EFNet

From owner-freebsd-questions@freebsd.org Wed Nov 15 05:19:41 2017
From: Olivier
Date: Wed, 15 Nov 2017 12:19:31 +0700
To: questions@freebsd.org
Subject: Running bsdstats through a proxy

Hi,

I would like to enable bsdstats to run, but I need to configure a proxy.

I see it relies on the environment variable HTTP_PROXY, but where should I define it so that it is used by the monthly periodic script and by bsdstats launched at boot?

TIA,

Olivier
--

From owner-freebsd-questions@freebsd.org Wed Nov 15 07:45:12 2017
From: Matthew Seaman
Date: Wed, 15 Nov 2017 07:45:08 +0000
To: freebsd-questions@freebsd.org
Subject: Re: Running bsdstats through a proxy

On 15/11/2017 05:19, Olivier wrote:
> Hi,
>
> I would like to enable bsdstats to run, but I need to configure a proxy.
>
> I see it rely on the environment variable HTTP_PROXY, but where should I
> define it so that it is used by the monthly periodic script and by
> bsdstats launched at boot?
>
> TIA,
>
> Olivier
>

/etc/login.conf should work for you. You can add whatever environment
settings you want to the :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ line.

Remember to run 'cap_mkdb /etc/login.conf' after editing the file.

Cheers,

Matthew

From owner-freebsd-questions@freebsd.org Wed Nov 15 07:55:31 2017
From: Ian Smith
Date: Wed, 15 Nov 2017 18:55:18 +1100 (EST)
To: Kurt Lidl
Cc: Cos Chan, freebsd-questions, Michael Ross
Subject: Re: How to setup IPFW working with blacklistd

On Mon, 13 Nov 2017 12:37:46 -0500, Kurt Lidl wrote:

> Greetings all!

Welcome Kurt, very glad you're here!

> Sorry for not being response to your request for help sooner.
>
> I had a bit of a hardware crisis here last week, where
> what I thought was merely a blown power supply turned
> out to be a failed motherboard. Getting the 2.5" SAS
> drives back up and running in a different machine took
> far longer than I would have guessed. That, along with
> a secondary MX host that was offline for the first 36
> hours after the main mail server went down was a cause
> for additional excitement.

Sounds like lots of fun, and certainly explains the mail problems.

> Anyway.
>
> I've read through the mail exchange, although its a bit
> hard to follow all of it.

It is, and a lot of that's my fault for speculating in your absence, however I do find this an interesting gadget, even though I'm not likely to be running an 11.x system in the foreseeable future.

I'll get back to the rest of your observations after replying to a couple of Cos' messages first - as briefly as possible!

cheers, Ian

From owner-freebsd-questions@freebsd.org Wed Nov 15 08:18:09 2017
From: Olivier
Date: Wed, 15 Nov 2017 15:18:05 +0700
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org
Subject: Re: Running bsdstats through a proxy

Matthew Seaman writes:

> /etc/login.conf should work for you. You can add whatever environment
> settings you want to the :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ line.
>
> Remember to run 'cap_mkdb /etc/login.conf' after editing the file.

Thank you.

Olivier

From owner-freebsd-questions@freebsd.org Wed Nov 15 08:25:11 2017
From: Ian Smith
Date: Wed, 15 Nov 2017 19:25:05 +1100 (EST)
To: Cos Chan
Cc: freebsd-questions, Michael Ross, Kurt Lidl
Subject: Re: How to setup IPFW working with blacklistd

On Mon, 13 Nov 2017 15:17:20 +0100, Cos Chan wrote:
> On Sat, Nov 11, 2017 at 1:42 PM, Ian Smith wrote:
> > On Thu, 9 Nov 2017 14:25:52 +0100, Cos Chan wrote:

I'll have to cut mercilessly, trying to keep to newest issues ..

> > When ipfw is running, issuing this will show you the addresses blocked:
> >
> > # ipfw table port22 list
>
> until now it seems working on list updating. but I am not sure if it is
> really working fine.
>
> here is one strange record:
>
> $ sudo blacklistctl dump -b | grep 1662
> 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04
>
> This IP was blocked in ipfw from last week. while I checked it last week
> Friday it was 800+/1 in blacklist and until today it become 1662.
>
> To my knowledge the ipfw should block the connection, the times of banned
> IP should be not increased?
>
> I could see more entries with more than 3/1, for example:
>
> 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21
> 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53
> 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25
> 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14
> 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30
> 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07
> 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00
> 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21
> 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16
> 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57
> 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07
> 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07
>
> These records I am not sure if they were not increased after added to ipfw
> list. but the 1662 times one, I am sure it was increased after ipfw had the
> ip in list.

That one does seem strange, though Kurt explained how this can happen.

Without seeing synchronised logs from blacklistd and blacklistd-helper and ipfw, with clearly stated current configuration and switches, it's very difficult to know what might be happening ..

> > You might instead try MaxAuthTries 4 .. sshd_config(5) says:
> >
> > MaxAuthTries
> >     Specifies the maximum number of authentication attempts
> >     permitted
> >     per connection. Once the number of failures reaches half this
> >     value, additional failures are logged. The default is 6.
> >
> > Half of 3 as an integer is only 1, but half of 4 is 2. See if it helps?

> I didn't change the MaxAuthTries, since I found something interesting from
> the different logs concerning that issue:
>
> From blacklistctl dump:
>
> $ sudo blacklistctl dump
> address/ma:port id nfail last access
> 78.203.146.34/32:22 0/1 1970/01/01 01:00:00
> 195.225.116.21/32:22 0/1 1970/01/01 01:00:00
> 123.31.26.123/32:22 0/1 1970/01/01 01:00:00
> 112.148.101.13/32:22 0/1 1970/01/01 01:00:00
> 93.23.6.18/32:22 0/1 1970/01/01 01:00:00
> 5.102.197.124/32:22 0/1 1970/01/01 01:00:00
> 193.154.127.32/32:22 0/1 1970/01/01 01:00:00
> 113.232.216.41/32:22 0/1 1970/01/01 01:00:00
>
> From sshd log:
>
> Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32
> Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32
> Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi
> [preauth]
> Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi
> [preauth]

Note the two different PIDs on these, indicating sshd handling two separate connections. From above, MaxAuthTries limits the maximum number of attempts _per_connection_. So each of these indicates only one (or possibly two, as again from above, only those greater than half of the maximum (here 3/2 = 1) are supposedly logged by sshd).

I don't know just what sshd reports to blacklistd in what circumstances, nor how those are reflected in blacklistd's logging .. Kurt likely does.

> Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123
> Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user
> support [preauth]
> Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from
> 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail
> [preauth]

That's on one PID, ie one connection. Less than three failures on it.

> Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user admin
> [preauth]
> Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from
> 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail
> [preauth]

Ditto.

> Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user admin
> [preauth]
> Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from
> 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail
> [preauth]

Another.

> Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123
> Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user ubnt
> [preauth]
> Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from
> 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail
> [preauth]

Again.

> Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from 123.31.26.123
> Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user
> PlcmSpIp [preauth]
> Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from
> 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail
> [preauth]

Again.

> Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123
> Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user admin
> [preauth]
> Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from
> 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail
> [preauth]

And yet another. There's no indication that sshd is - or is supposed to be - keeping track of separate connections from the same IP address.

> I see 2 problems:
>
> Problem 1:
> The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it
> tried only 2 times.

Perhaps rather, only once or twice on each of two separate connections?

> But in my opinion it should be recorded to blacklistd as 2/1 instead of 0/1.

I gather that it would take 3 failed logins on any _one_ connection to report it as _one_ failure to blacklistd.

> Problem 2:
> The IP 123.31.26.123 was trying to use different user name to login more
> than 3 times. it was also recorded in blacklistd as 0/1.
>
> In my opinion the above 2 all should be banned by blacklistd.

Again, no single one of those connections failed 3 times. In other words, I don't think this works the way you're expecting.

> > Earlier you said you'd run it without /etc/ipfw-blacklist.rc existing.
> > In that case - UNLESS you had either /etc/pf.conf or /etc/ipf.conf lying
> > around from before? it should have failed with 'exit 1' .. though it's
> > not clear from browsing the code that even that would cause it to quit.
> >
>
> No, there are not /etc/pf.conf and /etc/ipf.conf.

So it looks like you maybe just didn't see any failure message at the time, likely to stderr, and you weren't logging blacklistd at that time. It would be good to know what happens if blacklistd-helper fails.

Moving on ..

cheers, Ian

From owner-freebsd-questions@freebsd.org Wed Nov 15 09:02:34 2017
From: Ian Smith
Date: Wed, 15 Nov 2017 20:02:29 +1100 (EST)
To: Cos Chan
Cc: freebsd-questions, Michael Ross, Kurt Lidl
Subject: Re: How to setup IPFW working with blacklistd

On Tue, 14 Nov 2017 15:38:51 +0100, Cos Chan wrote:
> On Tue, Nov 14, 2017 at 9:31 AM, Cos Chan wrote:
> >
> > On Mon, Nov 13, 2017 at 3:17 PM, Cos Chan wrote:
> >> here is one strange record:
> >>
> >> $ sudo blacklistctl dump -b | grep 1662
> >> 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04
> >>
> >> This IP was blocked in ipfw from last week.
> >> while I checked it last week
> >> Friday it was 800+/1 in blacklist and until today it become 1662.
> >>
> >> To my knowledge the ipfw should block the connection, the times of banned
> >> IP should be not increased?

Have you added blacklistd_flags="-r" to /etc/rc.conf? And are you using 'service blacklistd start' to control it? If otherwise, are you always starting blacklistd with the -r switch? Be explicit.

If not, a fresh run of blacklistd should NOT try to remove and re-add each of its blocked addresses, and if ipfw has been restarted, that address will NOT be in its table of addresses to block. Might that explain what you're seeing?

Whenever in doubt, just run 'ipfw table \(port22\) list'.

Also, when listing ipfw rules, it's helpful to use 'ipfw -t show' which shows all rules with their packet and byte counters, plus the date last used for each rule. Or even just 'ipfw -t show 4022' or whatever.

> >> I could see more entries with more than 3/1, for example:
> >>
> >> 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21
> >> 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53
> >> 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25
> >> 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14
> >> 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30
> >> 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07
> >> 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00
> >> 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21
> >> 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16
> >> 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57
> >> 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07
> >> 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07
> >>
> >> These records I am not sure if they were not increased after added to
> >> ipfw list. but the 1662 times one, I am sure it was increased after ipfw
> >> had the ip in list.

But perhaps ipfw was restarted, and lost either the rule or the table? Remember, ipfw does not keep its tables between runs, without scripting.
> > add the ipfw rules:
> > > > $ sudo ipfw list
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00300 deny ip from 127.0.0.0/8 to any
> > 00400 deny ip from any to ::1
> > 00500 deny ip from ::1 to any
> > 00600 allow ipv6-icmp from :: to ff02::/16
> > 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
> > 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
> > 00900 allow ipv6-icmp from any to any ip6 icmp6types 1
> > 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
> > 02022 deny tcp from table(port22) to any dst-port 22
> > 65000 allow ip from any to any
> > 65535 deny ip from any to any
> the more logs might be useful:
> > $ sudo tail security
> Nov 14 15:09:07 res kernel: ipfw: 2022 Deny TCP 182.93.152.171:6920
> 192.168.11.15:22 in via em0
> Nov 14 15:09:21 res kernel: ipfw: 2022 Deny TCP 123.125.203.196:6920
> 192.168.11.15:22 in via em0
> Nov 14 15:10:11 res kernel: ipfw: 2022 Deny TCP 182.93.152.171:6920
> 192.168.11.15:22 in via em0
> Nov 14 15:10:33 res kernel: ipfw: 2022 Deny TCP 83.12.107.106:6920
> 192.168.11.15:22 in via em0
> Nov 14 15:11:08 res last message repeated 15 times
> Nov 14 15:12:32 res last message repeated 4 times
> Nov 14 15:21:10 res kernel: ipfw: 2022 Deny TCP 201.147.183.55:60299
> 192.168.11.15:22 in via em0
> Nov 14 15:21:17 res last message repeated 3 times
> Nov 14 15:25:38 res kernel: ipfw: 2022 Deny TCP 105.226.55.239:48315
> 192.168.11.15:22 in via em0
> Nov 14 15:26:18 res last message repeated 12 times

Well yes, that shows those addresses being blocked, on successive
connection attempts, at that time.

However ipfw only logs rules to /var/log/security that contain the 'log'
keyword, so you presumably MUST have added that, making the rule be:

02022 deny log tcp from table(port22) to any dst-port 22
           ---

If you didn't do that - in blacklistd-helper? or manually? - then ipfw
in 11.1 is severely broken .. please do say when you change conditions.
> $ sudo tail auth.log
> Nov 14 15:07:24 res sshd[9029]: input_userauth_request: invalid user admin
> [preauth]
> Nov 14 15:10:33 res sshd[9052]: Invalid user omni from 83.12.107.106
> Nov 14 15:10:33 res sshd[9052]: input_userauth_request: invalid user omni
> [preauth]
> Nov 14 15:25:37 res sshd[9144]: reverse mapping checking getaddrinfo for
> 105-226-55-239.south.dsl.telkomsa.net [105.226.55.239] failed - POSSIBLE
> BREAK-IN ATTEMPT!
> Nov 14 15:25:37 res sshd[9144]: Invalid user admin from 105.226.55.239
> Nov 14 15:25:37 res sshd[9144]: input_userauth_request: invalid user admin
> [preauth]

That one is different .. and seems to have been added to ipfw table as
above .. but we can't see what blacklistctl reports for it. Confusing.

Might that have been reported as ABUSIVE? No matching blacklistd.log?

> Nov 14 15:26:08 res sshd[9152]: Received disconnect from 121.18.238.123
> port 42391:11: [preauth]
> Nov 14 15:26:08 res sshd[9152]: Disconnected from 121.18.238.123 port 42391
> [preauth]
> > The IP 105.226.55.239 looks like banned by IPFW, but still connected to
> sshd?

No, it was first logged as denied from 15:25:38, after sshd reported it.

Hope that helps.
cheers, Ian

From: "Frank Leonhardt (m)"
Date: Wed, 15 Nov 2017 09:02:57 +0000
To: "freebsd-questions@freebsd.org"
Subject: Re: portsnap fails if not root

On 14 November 2017 15:49:52 GMT+00:00, "Frank Leonhardt (m)" wrote:
> > >On 14 November 2017 15:24:32 GMT+00:00, Frank Leonhardt
> wrote:
>>Is there any reason why portsnap has to run as root? If you specify
>>alternative ports dir and db dir using -p and - d, it should download
>>and unpack stuff in home directory.
>>
>>Trouble is that it gets the tag, and starts fetching Metadata, but
>>terminates with no message before it prints ..done. Not even a /n.
>>
>>Anyone know why before I start digging?

For the sake of anyone with the same problem searching the archive...

portsnap is very hit-and-miss at checking diagnostic returns when it runs
something. In the case of the tag/metadata it can fail but still say it has
completed as return is not checked. On the second one that fails there is a
lazy bailout which drops you back to the prompt mid-line.

In order to preserve the mystery as long as possible, it directs stderr to
the bit bucket. In my case, the user account had insufficient file access to
do the fetch. If you edit the macro to make stderr redirect to, er, stderr
you will see a lot more of what is going on.

I may do an error checking version one day if no one else does first...

Regards, Frank.

--
Sent from my Cray X/MP with small fiddling keyboard.

From: Cos Chan
Date: Wed, 15 Nov 2017 12:30:40 +0100
To: Ian Smith
Cc: freebsd-questions, Michael Ross, Kurt Lidl
Subject: Re: How to setup IPFW working with blacklistd
In-Reply-To: <20171115185528.V72828@sola.nimnet.asn.au>

On Wed, Nov 15, 2017 at 9:25 AM, Ian Smith wrote:
> On Mon, 13 Nov 2017 15:17:20 +0100, Cos Chan wrote:
> > > On Sat, Nov 11, 2017 at 1:42 PM, Ian Smith
> wrote:
> > > On Thu, 9 Nov 2017 14:25:52 +0100, Cos Chan wrote:
> > I'll have to cut mercilessly, trying to keep to newest issues ..
> > > > When ipfw is running, issuing this will show you the addresses
> blocked:
> > > > > > # ipfw table port22 list
> > > > until now it seems working on list updating. but I am not sure if it is
> > really working fine.
> > > > here is one strange record:
> > > > $ sudo blacklistctl dump -b | grep 1662
> > 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04
> > > > This IP was blocked in ipfw from last week. while I checked it last week
> > Friday it was 800+/1 in blacklist and until today it become 1662.
> > > > To my knowledge the ipfw should block the connection, the times of
> banned
> > IP should be not increased?
> > > > I could see more entries with more than 3/1, for example:
> > > > 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21
> > 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53
> > 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25
> > 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14
> > 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30
> > 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07
> > 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00
> > 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21
> > 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16
> > 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57
> > 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07
> > 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07
> > > > These records I am not sure if they were not increased after added to
> ipfw
> > list.
> > but the 1662 times one, I am sure it was increased after ipfw had
> the
> > ip in list.
> > That one does seem strange, though Kurt explained how this can happen.
> Without seeing synchronised logs from blacklistd and blacklistd-helper
> and ipfw, with clearly stated current configuration and switches, it's
> very difficult to know what might be happening ..
> > > > You might instead try MaxAuthTries 4 .. sshd_config(5) says:
> > > > > > MaxAuthTries
> > > Specifies the maximum number of authentication attempts
> > > permitted
> > > per connection. Once the number of failures reaches
> half this
> > > value, additional failures are logged. The default is 6.
> > > > > > Half of 3 as an integer is only 1, but half of 4 is 2. See if it
> helps?
> > > I didn't change the MaxAuthTries, since I found something interesting
> from
> > the different logs concerning that issue:
> > > > >From blacklistctl dump:
> > > > $ sudo blacklistctl dump
> > address/ma:port id nfail last access
> > 78.203.146.34/32:22 0/1 1970/01/01 01:00:00
> > 195.225.116.21/32:22 0/1 1970/01/01 01:00:00
> > 123.31.26.123/32:22 0/1 1970/01/01 01:00:00
> > 112.148.101.13/32:22 0/1 1970/01/01 01:00:00
> > 93.23.6.18/32:22 0/1 1970/01/01 01:00:00
> > 5.102.197.124/32:22 0/1 1970/01/01 01:00:00
> > 193.154.127.32/32:22 0/1 1970/01/01 01:00:00
> > 113.232.216.41/32:22 0/1 1970/01/01 01:00:00
> > > > >From sshd log:
> > > > Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32
> > Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32
> > Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi
> > [preauth]
> > Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi
> > [preauth]
> > Note the two different PIDs on these, indicating sshd handling two
> separate connections. From above, MaxAuthTries limits the maximum
> number of attempts _per_connection_.
> So each of these indicate only one
> (or possibly two, as again from above, only those greater than half of
> the maximum (here 3/2 = 1) are supposedly logged by sshd).
> > I don't know just what sshd reports to blacklistd in what circumstances,
> nor how those are reflected in blacklistd's logging .. Kurt likely does.
> > > Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123
> > Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user
> > support [preauth]
> > Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from
> > 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail
> > [preauth]
> > That's on one PID, ie one connection. Less than three failures on it.
> > > Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123
> > Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user
> admin
> > [preauth]
> > Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from
> > 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail
> > [preauth]
> > Ditto.
> > > Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123
> > Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user
> admin
> > [preauth]
> > Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from
> > 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail
> > [preauth]
> > Another.
> > > Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123
> > Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user
> ubnt
> > [preauth]
> > Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from
> > 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail
> > [preauth]
> > Again.
> > > Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from
> 123.31.26.123
> > Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user
> > PlcmSpIp [preauth]
> > Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from
> > 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail
> > [preauth]
> > Again.
> > > Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123
> > Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user
> admin
> > [preauth]
> > Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from
> > 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail
> > [preauth]
> > And yet another. There's no indication that sshd is - or is supposed to
> be - keeping track of separate connections from the same IP address.
>

I agree that sshd should not keep track the IP, but blacklistd should do.

> > > I see 2 problems:
> > > > Problem 1:
> > The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it
> > tried only 2 times.
> > Perhaps rather, only once or twice on each of two separate connections?
> > > But in my opinion it should be recorded to blacklistd as 2/1 instead of
> 0/1.
> > I gather that it would take 3 failed logins on any _one_ connection to
> report it as _one_ failure to blacklistd.
>

is this reasonable? in case one IP was using thousands connections which
failed once per connection, then it will never be banned by blacklistd
(unless the maxauth of sshd is 1)?

> > > Problem 2:
> > The IP 123.31.26.123 was trying to use different user name to login more
> > than 3 times. it was also recorded in blacklistd as 0/1.
> > > > In my opinion the above 2 all should be banned by blacklistd.
> > Again, no single one of those connections failed 3 times. In other
> words, I don't think this works the way you're expecting.
> > > Earlier you said you'd run it without /etc/ipfw-blacklist.rc existing.
> > > In that case - UNLESS you had either /etc/pf.conf or /etc/ipf.conf
> lying
> > > around from before? it should have failed with 'exit 1' .. though it's
> > > not clear from browsing the code that even that would cause it to
> quit.
> > > > > > > No, there are not /etc/pf.conf and /etc/ipf.conf.
> > So it looks like you maybe just didn't see any failure message at the
> time, likely to stderr, and you weren't logging blacklistd at that
> time. It would be good to know what happens if blacklistd-helper fails.
>

I did it again. to make a little clear to Kurt, I will explain the problem
and configurations.

here is the log to show "problem n-1/n", the blacklistd could not never
reach maximum nfail and ban the IP.

To produce the problem, I only need to remove /etc/ipfw-blacklist.rc and
there is no /etc/pf.conf or /etc/ipf.conf either.

I run blacklistd by "service blacklistd start", here is the rc.conf:

blacklistd_enable="YES"
blacklistd_flags="-r"

here is sshd_config:

AuthenticationMethods publickey
MaxAuthTries 4
UseBlacklist yes

here is ipfw in rc.conf:

#ipfw
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="open"
firewall_script="/usr/local/etc/firewall.rules"
firewall_logging="YES"

modification to /usr/libexec/blacklistd-helper is to add one line for log:

# $7 id
echo "`date` $0 run $@" >>/var/log/blacklistd-helper.log
pf=

the ipfw list:

$ sudo ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
02022 deny log tcp from table(port22) to any dst-port 22
65000 allow ip from any to any
65535 deny ip from any to any

the rule "02022 deny log tcp from table(port22) to any dst-port 22" was
added by myself to have log from ipfw

syslog.conf:

!blacklistd
*.* /var/log/blacklistd.log

I did sshd MaxAuthTries =3 and 4.

maxauth =3, the blacklistd-helper.log:

--start sshd maxauth=3; blacklist nfail=2, disable=*; ipfw enabled, removed /etc/ipfw-blacklist.rc--
Wed Nov 15 09:53:40 CET 2017 /usr/libexec/blacklistd-helper run flush blacklistd
Wed Nov 15 09:55:47 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 59.120.35.74 32 22
Wed Nov 15 09:55:47 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 59.120.35.74 32 22
Wed Nov 15 09:59:21 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 193.201.224.218 32 22
Wed Nov 15 09:59:21 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 193.201.224.218 32 22
Wed Nov 15 09:59:25 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 193.201.224.218 32 22
Wed Nov 15 09:59:26 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 193.201.224.218 32 22
Wed Nov 15 09:59:26 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 193.201.224.218 32 22
....
blacklistd.log:

Nov 15 09:55:09 res blacklistd[18044]: Connected to blacklist server
Nov 15 10:14:14 res blacklistd[18045]: message too short 144
Nov 15 10:14:14 res blacklistd[18045]: no message (Connection refused)
Nov 15 10:17:33 res blacklistd[18045]: message too short 144
Nov 15 10:17:33 res blacklistd[18045]: no message (Connection refused)
Nov 15 10:17:34 res blacklistd[18045]: message too short 144
Nov 15 10:17:34 res blacklistd[18045]: no message (Connection refused)
Nov 15 10:17:44 res blacklistd[18045]: message too short 144
Nov 15 10:17:44 res blacklistd[18045]: no message (Connection refused)
Nov 15 10:17:54 res blacklistd[18045]: message too short 144
Nov 15 10:17:54 res blacklistd[18045]: no message (Connection refused)
Nov 15 10:18:20 res blacklistd[18045]: message too short 144
Nov 15 10:18:20 res blacklistd[18045]: no message (Connection refused)
Nov 15 10:18:30 res blacklistd[18045]: message too short 144
Nov 15 10:18:30 res blacklistd[18045]: no message (Connection refused)

dump:

$ sudo blacklistctl dump
address/ma:port id nfail last access
59.120.35.74/32:22 1/2 2017/11/15 09:55:47
89.135.123.209/32:22 1/2 2017/11/15 10:32:53
193.201.224.218/32:22 1/2 2017/11/15 09:59:20
118.123.245.239/32:22 1/2 2017/11/15 10:15:10
$ sudo blacklistctl dump -b
address/ma:port id nfail last access

maxauth=4, the logs

$ cat blacklistd-helper.log
--start sshd maxauth=4; blacklist nfail=2, disable=*; ipfw enabled, removed /etc/ipfw-blacklist.rc--
Wed Nov 15 10:53:39 CET 2017 /usr/libexec/blacklistd-helper run flush blacklistd
Wed Nov 15 10:56:45 CET 2017 /usr/libexec/blacklistd-helper run flush blacklistd
Wed Nov 15 10:58:44 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 41.73.194.139 32 22
Wed Nov 15 10:58:44 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 41.73.194.139 32 22
Wed Nov 15 11:01:04 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 83.246.164.83 32 22
Wed Nov 15 11:01:04 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 83.246.164.83 32 22

$ tail blacklistd.log
Nov 15 10:53:39 res blacklistd[21125]: Connected to blacklist server
Nov 15 10:53:53 res blacklistd[21161]: Connected to blacklist server
Nov 15 10:56:45 res blacklistd[21264]: Connected to blacklist server
Nov 15 10:56:57 res blacklistd[21312]: Connected to blacklist server

$ sudo blacklistctl dump
address/ma:port id nfail last access
41.73.194.139/32:22 1/2 2017/11/15 10:58:44
83.246.164.83/32:22 1/2 2017/11/15 11:01:04
$ sudo blacklistctl dump -b
address/ma:port id nfail last access

> > Moving on ..
> > cheers, Ian
>

--
with kind regards
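
The pattern questioned in the message above, one failed attempt on each of many short connections from the same address, can be counted directly from auth.log. This is an added example, not part of the thread, and it does not model what sshd reports to blacklistd; the sample lines are constructed in the thread's log format with documentation-range addresses, and the threshold and window defaults are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the auth.log format quoted in this thread.
# Addresses are documentation ranges and the PIDs are made up.
SAMPLE_AUTH_LOG = """\
Nov 11 01:00:00 res sshd[4001]: Invalid user test from 192.0.2.55
Nov 11 03:50:47 res sshd[4101]: Invalid user support from 203.0.113.7
Nov 11 03:50:47 res sshd[4101]: input_userauth_request: invalid user support [preauth]
Nov 11 03:50:49 res sshd[4103]: Invalid user admin from 203.0.113.7
Nov 11 03:50:51 res sshd[4105]: Invalid user admin from 203.0.113.7
Nov 11 03:50:53 res sshd[4107]: Invalid user ubnt from 203.0.113.7
Nov 11 03:50:55 res sshd[4109]: Invalid user PlcmSpIp from 203.0.113.7
Nov 11 03:50:57 res sshd[4111]: Invalid user admin from 203.0.113.7
Nov 11 05:00:00 res sshd[4150]: Invalid user test from 192.0.2.55
Nov 11 09:00:00 res sshd[4190]: Invalid user test from 192.0.2.55
Nov 11 17:57:41 res sshd[4201]: Invalid user pi from 198.51.100.20
Nov 11 17:57:41 res sshd[4202]: Invalid user pi from 198.51.100.20
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Only the "Invalid user ... from ADDR" line carries the source address;
# the input_userauth_request line for the same PID is ignored.
LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<hms>\d{2}:\d{2}:\d{2}) \S+ "
    r"sshd\[(?P<pid>\d+)\]: Invalid user (?P<user>\S+) from (?P<addr>\S+)")


def parse_invalid_user_events(log_text, year=2017):
    """Return sorted (time, addr, pid, user) tuples.

    syslog timestamps carry no year, so `year` is an assumption."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["mon"] not in MONTHS:
            continue
        hour, minute, second = (int(x) for x in m["hms"].split(":"))
        when = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                        hour, minute, second)
        events.append((when, m["addr"], int(m["pid"]), m["user"]))
    return sorted(events)


def connections_per_address(events):
    """addr -> {pid: time of that connection's first invalid-user line}.

    One sshd PID is treated as one connection; PIDs can be reused over a
    long log, so feed this a bounded time range."""
    conns = defaultdict(dict)
    for when, addr, pid, _user in events:
        conns[addr].setdefault(pid, when)
    return conns


def flag_addresses(log_text, threshold=3, window_seconds=600, year=2017):
    """Return {addr: peak failing connections inside any window} for every
    address whose peak reaches `threshold`, however few failures each
    single connection produced."""
    flagged = {}
    events = parse_invalid_user_events(log_text, year)
    for addr, pids in connections_per_address(events).items():
        times = sorted(pids.values())
        peak, start = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans <= window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[addr] = peak
    return flagged


if __name__ == "__main__":
    for addr, peak in sorted(flag_addresses(SAMPLE_AUTH_LOG).items()):
        print(f"{addr}: {peak} failing connections within 10 minutes")
```
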

From: Cos Chan
Date: Wed, 15 Nov 2017 12:46:39 +0100
To: Ian Smith
Cc: freebsd-questions, Michael Ross, Kurt Lidl
Subject: Re: How to setup IPFW working with blacklistd
In-Reply-To: <20171115192830.R72828@sola.nimnet.asn.au>

On Wed, Nov 15, 2017 at 10:02 AM, Ian Smith wrote:
> On Tue, 14 Nov 2017 15:38:51 +0100, Cos Chan wrote:
> > > On Tue, Nov 14, 2017 at 9:31 AM, Cos Chan wrote:
> > > > > > On Mon, Nov 13, 2017 at 3:17 PM, Cos Chan wrote:
> > > >> here is one strange record:
> > >>
> > >> $ sudo blacklistctl dump -b | grep 1662
> > >> 193.201.224.218/32:22 OK 1662/1 2017/11/13 00:31:04
> > >>
> > >> This IP was blocked in ipfw from last week. while I checked it last
> week
> > >> Friday it was 800+/1 in blacklist and until today it become 1662.
> > >>
> > >> To my knowledge the ipfw should block the connection, the times of
> banned
> > >> IP should be not increased?
> > Have you added blacklistd_flags="-r" to /etc/rc.conf? And are you
> using 'service blacklistd start' to control it? If otherwise, are
> you always starting blacklistd with the -r switch? Be explicit.
>

Yes blacklistd_flags="-r" to /etc/rc.conf and 'service blacklistd start'

> > If not, a fresh run of blacklistd should NOT try to remove and re-add
> each of its blocked addresses, and if ipfw has been restarted, that
> address will NOT be in its table of addresses to block. Might that
> explain what you're seeing?
> > Whenever in doubt, just run 'ipfw table \(port22\) list'. Also, when
> listing ipfw rules, it's helpful to use 'ipfw -t show' which shows all
> rules with their packet and byte counters, plus the date last used for
> each rule. Or even just 'ipfw -t show 4022' or whatever.
>

$ sudo ipfw -t show 02022
02022 204 19920 Wed Nov 15 12:41:36 2017 deny log tcp from table(port22) to any dst-port 22

> > > >> I could see more entries with more than 3/1, for example:
> > >>
> > >> 89.160.221.132/32:22 OK 18/1 2017/11/13 00:01:21
> > >> 60.125.42.119/32:22 OK 3/1 2017/11/12 16:13:53
> > >> 166.62.35.180/32:22 OK 3/1 2017/11/10 06:36:25
> > >> 202.162.221.51/32:22 OK 6/1 2017/11/10 00:42:14
> > >> 168.0.114.130/32:22 OK 3/1 2017/11/10 23:40:30
> > >> 95.145.71.165/32:22 OK 3/1 2017/11/11 07:07:07
> > >> 123.161.206.210/32:22 OK 3/1 2017/11/12 18:14:00
> > >> 203.146.208.208/32:22 OK 6/1 2017/11/10 10:16:21
> > >> 149.56.223.241/32:22 OK 1/1 2017/11/12 06:09:16
> > >> 121.169.217.98/32:22 OK 9/1 2017/11/12 21:59:57
> > >> 211.251.237.162/32:22 OK 2/1 2017/11/13 12:08:07
> > >> 103.99.0.116/32:22 OK 30/1 2017/11/10 14:56:07
> > >>
> > >> These records I am not sure if they were not increased after added to
> > >> ipfw list. but the 1662 times one, I am sure it was increased after
> ipfw
> > >> had the ip in list.
> > But perhaps ipfw was restarted, and lost either the rule or the table?
> Remember, ipfw does not keep its tables between runs, without scripting.
>

To explain to Kurt, this is concerning the issue failed number increased
after the rule was in ipfw list.
Just catch "fresh" log:

$ sudo blacklistctl dump -b
address/ma:port id nfail last access
94.23.73.97/32:22 OK 2/2 2017/11/15 11:58:11
123.59.135.58/32:22 OK 3/2 2017/11/15 12:10:12
132.148.128.234/32:22 OK 2/2 2017/11/15 12:13:42

$ sudo blacklistctl dump -b
address/ma:port id nfail last access
94.23.73.97/32:22 OK 2/2 2017/11/15 11:58:11
123.59.135.58/32:22 OK 3/2 2017/11/15 12:10:12
132.148.128.234/32:22 OK 3/2 2017/11/15 12:15:40

IPFW log:

Nov 15 12:13:42 res kernel: ipfw: 2022 Deny TCP 132.148.128.234:6920 192.168.11.15:22 in via em0
Nov 15 12:14:09 res last message repeated 14 times
Nov 15 12:15:41 res last message repeated 4 times

based on the log, assume the ipfw not restarted (since no new rule added?)
and banned the IP 132.148.128.234 properly?

in case I am right, the question is why the number increased from 2/2 to
3/2?

blacklistd.log:

Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
Nov 15 12:15:40 res blacklistd[22100]: rule exists OK
Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds

blacklistd-helper.log:

Wed Nov 15 12:13:42 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 132.148.128.234 32 22
Wed Nov 15 12:15:40 CET 2017 /usr/libexec/blacklistd-helper run rem blacklistd tcp 132.148.128.234 32 22 OK
Wed Nov 15 12:15:40 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 132.148.128.234 32 22

ipfw list:

$ sudo ipfw table port22 list
--- table(port22), set(0) ---
...
132.148.128.234/32 0
...
> > > add the ipfw rules:
> > > > > > $ sudo ipfw list
> > > 00100 allow ip from any to any via lo0
> > > 00200 deny ip from any to 127.0.0.0/8
> > > 00300 deny ip from 127.0.0.0/8 to any
> > > 00400 deny ip from any to ::1
> > > 00500 deny ip from ::1 to any
> > > 00600 allow ipv6-icmp from :: to ff02::/16
> > > 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
> > > 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
> > > 00900 allow ipv6-icmp from any to any ip6 icmp6types 1
> > > 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
> > > 02022 deny tcp from table(port22) to any dst-port 22
> > > 65000 allow ip from any to any
> > > 65535 deny ip from any to any
> > > the more logs might be useful:
> > > > $ sudo tail security
> > Nov 14 15:09:07 res kernel: ipfw: 2022 Deny TCP 182.93.152.171:6920
> > 192.168.11.15:22 in via em0
> > Nov 14 15:09:21 res kernel: ipfw: 2022 Deny TCP 123.125.203.196:6920
> > 192.168.11.15:22 in via em0
> > Nov 14 15:10:11 res kernel: ipfw: 2022 Deny TCP 182.93.152.171:6920
> > 192.168.11.15:22 in via em0
> > Nov 14 15:10:33 res kernel: ipfw: 2022 Deny TCP 83.12.107.106:6920
> > 192.168.11.15:22 in via em0
> > Nov 14 15:11:08 res last message repeated 15 times
> > Nov 14 15:12:32 res last message repeated 4 times
> > Nov 14 15:21:10 res kernel: ipfw: 2022 Deny TCP 201.147.183.55:60299
> > 192.168.11.15:22 in via em0
> > Nov 14 15:21:17 res last message repeated 3 times
> > > Nov 14 15:25:38 res kernel: ipfw: 2022 Deny TCP 105.226.55.239:48315
> > 192.168.11.15:22 in via em0
> > Nov 14 15:26:18 res last message repeated 12 times
> > Well yes, that shows those addresses being blocked, on successive
> connection attempts, at that time.
> > However ipfw only logs rules to /var/log/security that contain the 'log'
> keyword, so you presumably MUST have added that, making the rule be:
> > 02022 deny log tcp from table(port22) to any dst-port 22
> ---
> > If you didn't do that - in blacklistd-helper? or manually?
> - then ipfw
> in 11.1 is severely broken .. please do say when you change conditions.
>

Yes, I add "02022 deny log tcp from table(port22) to any dst-port 22"
manually.

> > > $ sudo tail auth.log
> > Nov 14 15:07:24 res sshd[9029]: input_userauth_request: invalid user
> admin
> > [preauth]
> > > Nov 14 15:10:33 res sshd[9052]: Invalid user omni from 83.12.107.106
> > Nov 14 15:10:33 res sshd[9052]: input_userauth_request: invalid user
> omni
> > [preauth]
> > > Nov 14 15:25:37 res sshd[9144]: reverse mapping checking getaddrinfo for
> > 105-226-55-239.south.dsl.telkomsa.net [105.226.55.239] failed -
> POSSIBLE
> > BREAK-IN ATTEMPT!
> > Nov 14 15:25:37 res sshd[9144]: Invalid user admin from 105.226.55.239
> > Nov 14 15:25:37 res sshd[9144]: input_userauth_request: invalid user
> admin
> > [preauth]
> > That one is different .. and seems to have been added to ipfw table as
> above .. but we can't see what blacklistctl reports for it. Confusing.
> > Might that have been reported as ABUSIVE? No matching blacklistd.log?
> > > Nov 14 15:26:08 res sshd[9152]: Received disconnect from 121.18.238.123
> > port 42391:11: [preauth]
> > Nov 14 15:26:08 res sshd[9152]: Disconnected from 121.18.238.123 port
> 42391
> > [preauth]
> > > > The IP 105.226.55.239 looks like banned by IPFW, but still connected to
> > sshd?
> > No, it was first logged as denied from 15:25:38, after sshd reported it.
> > Hope that helps.
>
> cheers, Ian
>

-- 
with kind regards

From owner-freebsd-questions@freebsd.org Wed Nov 15 13:49:43 2017
Date: Wed, 15 Nov 2017 11:49:41 -0200
From: Eduardo Lemos de Sa
To: freebsd-questions@freebsd.org
Subject: Re: Problems with Virtual-box

Dear Dave and Polytropon

Sorry for the mistake of attaching a pdf file. Here, at the end of this
email, the main information follows (in plain text format).

On Tue, Nov 14, 2017 at 12:25 AM, Polytropon wrote:

> On Mon, 13 Nov 2017 22:02:06 +0000, Dave wrote:
> > On Monday 13 November 2017 17:57:52 Eduardo Lemos de Sa wrote:
> > > Sorry, I forgot to attach the pdf file with a virtualbox network
> > > configuration.
> >
> > Attachments generally don't work on this list.
>
> If I remember correctly, text attachments do work (text/plain),
> but binary attachments won't.
>
> >
> > Either paste the text into the email or provide a link to somewhere
> > you can make the file accessible. Plain text will suffice, no need
> > for a pdf file.
>
> I may suggest pasting the relevant text into the message directly,
> so it can be archived for future reference. If the text is being
> posted on an external site, it may disappear, and a future reader
> of the message will probably find it less helpful, as the text
> which it is about will only 404. :-)
>
> With the pdftotext program (from the xpdf package), text can be
> extracted from the PDF if there isn't any other source than the
> PDF file.
>
>

/boot/load.conf:

kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
zfs_load="YES"
fuse_load="YES"
nvidia_load="YES"
vboxdrv_load="YES"
hw.ata.atapi_dma=1
kern.ipc.semmni="1250"
kern.ipc.semmns="9000"
#kern.ipc.shmmax="2863311530"
#kern.ipc.shmall="4194304"

/etc/rc.conf:

hostname="matata"
keymap="br275.iso.acc"
ifconfig_re0="inet 200.17.215.86 netmask 255.255.255.0"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
linux_enable="YES"
openssh_enable="YES"
sshguard_enable="YES"
moused_enable="YES"
ntpdate_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
hald_enable="YES"
dbus_enable="YES"
apache24_enable="YES"
vboxnet_enable="YES"
vboxguest_enable="YES"
vboxservice_enable="YES"
devfs_system_ruleset="system"
# -- sysinstall generated deltas -- # Tue Feb 4 15:16:44 2014
saver="blank"
#blanktime="120"
smartd_enable="YES"
#vboxdrv_load="YES"
defaultrouter="200.17.215.65"

virtualbox network win-xp-32 config:

Enable network: ok
attached to: bridged adapter
name: re0 (this is the network card working in FreeBSD-amd64-11.1-release)
Advanced:
Adapter type: Intel PRO/1000 MT Desktop (82540EM)
Promiscuous Mode: Allow All (I tried with Allows VMS and Deny, but none of them worked)
MacAddress: 080027886E7D
cable enable: ok

Thank you in advance

Yours

Eduardo

-- 
Eduardo Lemos de Sa
Professor Titular
Dep. Quimica da Universidade Federal do Paraná
fone: +55(41)3361-3300
fax: +55(41)3361-3186

From owner-freebsd-questions@freebsd.org Wed Nov 15 14:17:46 2017
Date: Wed, 15 Nov 2017 09:17:44 -0500
From: Ernie Luzar
To: "freebsd-questions@freebsd.org"
Subject: fetchmail

Is there a more modern port that does the same thing as fetchmail?

From owner-freebsd-questions@freebsd.org Wed Nov 15 14:23:27 2017
Date: Wed, 15 Nov 2017 14:23:22 +0000
From: Matt Smith
To: Ernie Luzar
Cc: "freebsd-questions@freebsd.org"
Subject: Re: fetchmail

On Nov 15 09:17, Ernie Luzar wrote:
>Is there a more modern port that does the same thing as fetchmail?

I use mail/getmail. It's written in Python 2.7 though. I'm waiting for
the dev to update it to use 3.x. It works quite nicely though.

http://pyropus.ca/software/getmail/

-- 
Matt

From owner-freebsd-questions@freebsd.org Wed Nov 15 14:23:55 2017
Date: Wed, 15 Nov 2017 15:23:44 +0100
From: Polytropon
To: Ernie Luzar
Cc: "freebsd-questions@freebsd.org"
Subject: Re: fetchmail

On Wed, 15 Nov 2017 09:17:44 -0500, Ernie Luzar wrote:
> Is there a more modern port that does the same thing as fetchmail?

What is "un-modern" about fetchmail?

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

From owner-freebsd-questions@freebsd.org Wed Nov 15 14:57:35 2017
Date: Wed, 15 Nov 2017 09:57:34 -0500
From: Ernie Luzar
To: freebsd-questions@freebsd.org
Subject: Re: fetchmail

Matt Smith wrote:
> On Nov 15 09:17, Ernie Luzar wrote:
>> Is there a more modern port that does the same thing as fetchmail?
>
> I use mail/getmail. It's written in Python 2.7 though. I'm waiting for
> the dev to update it to use 3.x. It works quite nicely though.
>
> http://pyropus.ca/software/getmail/
>

Looking for something without any run dependents.
Thanks for your reply.

From owner-freebsd-questions@freebsd.org Wed Nov 15 15:03:04 2017
Date: Wed, 15 Nov 2017 10:03:03 -0500
From: Ernie Luzar
To: Polytropon
CC: "freebsd-questions@freebsd.org"
Subject: Re: fetchmail

Polytropon wrote:
> On Wed, 15 Nov 2017 09:17:44 -0500, Ernie Luzar wrote:
>> Is there a more modern port that does the same thing as fetchmail?
>
> What is "un-modern" about fetchmail?
>
>

It's been around for a very long time and I have been using it almost
all that time. But lately been getting socket errors and other error
messages.

Too lazy to spend the time right now to trace down the problem with the
remote email provider.

Though it would be quicker to try something different and if got same
problem then will know problem is with other end for sure.

From owner-freebsd-questions@freebsd.org Wed Nov 15 15:40:28 2017
Date: Wed, 15 Nov 2017 16:40:17 +0100
From: Polytropon
To: Ernie Luzar
Cc: "freebsd-questions@freebsd.org"
Subject: Re: fetchmail

On Wed, 15 Nov 2017 10:03:03 -0500, Ernie Luzar wrote:
> Polytropon wrote:
> > On Wed, 15 Nov 2017 09:17:44 -0500, Ernie Luzar wrote:
> >> Is there a more modern port that does the same thing as fetchmail?
> >
> > What is "un-modern" about fetchmail?
> >
> >
>
> It's been around for a very long time and I have been using it almost
> all that time. But lately been getting socket errors and other error
> messages.

One suggestion is to use an IP instead of a hostname for the
server to fetch messages from:

http://www.fvue.nl/wiki/Fetchmail:_socket_error_while_fetching_from_mail.example.com

I don't think this is an ideal workaround (as IPs might change).

Also the suggestions here (from the fetchmail web page) could help:

http://www.catb.org/esr/fetchmail/fetchmail-FAQ.html#R6

And another suggestion is to check if your configuration file
has the "ssl" keyword added, for example with a configuration
line in ~/.fetchmailrc (for user-local use) like this:

	poll pop.example.com proto POP3 user pass fetchall flush ssl

If you don't add "ssl", but the server does not support non-SSL
connections, such socket errors might occur. See "man fetchmail"
for option details.

> Too lazy to spend the time right now to trace down the problem with the
> remote email provider.

It is possible that the problem (maybe just an SSL upgrade) is
at the end of the provider, and you need to change your local
configuration in order to adapt to that change.

> Though it would be quicker to try something different and if got same
> problem then will know problem is with other end for sure.

Okay, so you're searching for an _alternative_ program for the
same purpose, primarily for diagnostics and repair. ;-)

In this case, getmail is probably a good thing to try. From its
feature summary:

- Retrieve mail from an unlimited number of POP3/IMAP4 mailboxes
  and servers.
- Support for POP3-over-SSL and IMAP-over-SSL, as well as SDPS
  WARNING: even with SSL, "no certificate or key validation is
  done." so that getmail does not detect or protect from
  man-in-the-middle attacks.
- Support for multidrop or domain mailboxes.
- Safe and reliable delivery to qmail-style Maildirs, as well as
  program (pipe) delivery for use with arbitrary external MDAs.
  Includes an MDA for mbox files that supports mboxrd format and
  fcntl-type flock locking.
- Does not destroy information by rewriting mail headers.
- Does not cause mail loops by doing SMTP injection, and therefore
  does not require that you run an MTA (like qmail or sendmail)
  on your host.
- Can remember which mail it has already retrieved, and can be
  set to only download new messages.
- Written in Python, and therefore easy to extend or customize.
- Simple to install, configure, and use.

Source of list here:

https://www.freshports.org/mail/getmail/

Documentation:

http://pyropus.ca/software/getmail/

If this also shows you comparable errors, re-check the SSL thing.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
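
The "ssl" check suggested in the message above, together with the missing certificate validation that the quoted getmail warning describes, as an added example (not part of the original post and not fetchmail's own parser): a simplified linter that reports which poll entries in a .fetchmailrc have no "ssl" keyword and which use "ssl" without "sslcertck" or "sslfingerprint". The sample file, host names and finding codes are constructed; fetchmail releases that check certificates by default are not modelled.

```python
import shlex

# Keywords whose next token is an argument, not an option name. Skipping the
# argument stops a password such as "ssl" from being read as the ssl keyword.
TAKES_VALUE = {
    "proto", "protocol", "via", "port", "service", "user", "username",
    "pass", "password", "sslproto", "sslfingerprint", "sslcertfile",
    "sslcertpath", "mda",
}

# Options that show the server certificate is being checked.
CERT_CHECKS = {"sslcertck", "sslfingerprint"}

# Constructed sample, not a real configuration.
SAMPLE_RC = '''
# shared settings for every server entry below
defaults proto POP3 fetchall

poll pop.example.com user "alice" pass "ssl" flush
poll pop2.example.com user "alice" pass "secret2" flush ssl
poll imap.example.net proto IMAP user "bob" pass "secret3" ssl sslcertck
poll mail.example.org user "carol" pass "secret4" ssl sslcertck no sslcertck
'''


def parse_entries(rc_text):
    """Return one dict per poll/skip entry: server name plus option set.

    Simplified tokenizer (assumption): whitespace-separated words, quoted
    strings and '#' comments only; fetchmail's noise words and punctuation
    are not handled.
    """
    tokens = shlex.split(rc_text, comments=True)  # drops comments, unquotes
    defaults, entries, current = set(), [], None
    i = 0
    while i < len(tokens):
        word = tokens[i].lower()
        if word in ("poll", "skip") and i + 1 < len(tokens):
            # A new server entry starts with a copy of the defaults so far.
            current = {"server": tokens[i + 1], "options": set(defaults)}
            entries.append(current)
            i += 2
            continue
        if word == "defaults":
            current = None  # options that follow apply to later entries
            i += 1
            continue
        target = defaults if current is None else current["options"]
        if word == "no" and i + 1 < len(tokens):
            # "no <option>" switches a boolean option off again.
            target.discard(tokens[i + 1].lower())
            i += 2
            continue
        target.add(word)
        i += 2 if word in TAKES_VALUE else 1
    return entries


def lint(rc_text):
    """Return (server, finding) pairs for entries with weak TLS settings."""
    findings = []
    for entry in parse_entries(rc_text):
        opts = entry["options"]
        if "ssl" not in opts:
            # The connection does not start with TLS; against an SSL-only
            # server this is the socket-error case described in the message.
            findings.append((entry["server"], "NO_SSL"))
        elif not (opts & CERT_CHECKS):
            # TLS is used but nothing in the entry asks for the certificate
            # to be verified, so an interposed server would go unnoticed.
            findings.append((entry["server"], "SSL_WITHOUT_CERT_CHECK"))
    return findings


if __name__ == "__main__":
    for server, finding in lint(SAMPLE_RC):
        print(f"{server}: {finding}")
```

The first sample entry is reported as NO_SSL even though its password is the string "ssl", because arguments of value-taking keywords are skipped.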
From owner-freebsd-questions@freebsd.org Wed Nov 15 16:02:40 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5407EDE0F93 for ; Wed, 15 Nov 2017 16:02:40 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from hydra.pix.net (hydra.pix.net [IPv6:2001:470:e254::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.pix.net", Issuer "Pix.Com Technologies LLC CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id F26E17074F for ; Wed, 15 Nov 2017 16:02:39 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from torb.pix.net ([IPv6:2001:470:e254:11:ac3b:829b:fc19:b4dc]) (authenticated bits=0) by hydra.pix.net (8.15.2/8.15.2) with ESMTPA id vAFG2UQ6075350; Wed, 15 Nov 2017 11:02:37 -0500 (EST) (envelope-from lidl@FreeBSD.org) X-Authentication-Warning: hydra.pix.net: Host [IPv6:2001:470:e254:11:ac3b:829b:fc19:b4dc] claimed to be torb.pix.net Reply-To: lidl@FreeBSD.org Subject: Re: How to setup IPFW working with blacklistd To: Cos Chan , Ian Smith Cc: freebsd-questions , Michael Ross References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> <20171107162914.G9710@sola.nimnet.asn.au> <20171108012948.A9710@sola.nimnet.asn.au> <20171111213759.I72828@sola.nimnet.asn.au> <20171115192830.R72828@sola.nimnet.asn.au> From: Kurt Lidl Message-ID: Date: Wed, 15 Nov 2017 11:02:30 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2017 
16:02:40 -0000 On 11/15/17 6:46 AM, Cos Chan wrote: > blacklistd.log: > Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 > for -1 seconds > Nov 15 12:15:40 res blacklistd[22100]: rule exists OK > Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 > for -1 seconds The "-1 seconds" looks fishy to me. What is the /etc/blacklistd.conf on this machine? -Kurt From owner-freebsd-questions@freebsd.org Wed Nov 15 21:27:56 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 83C1BDE7C50 for ; Wed, 15 Nov 2017 21:27:56 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 26FD37CA17; Wed, 15 Nov 2017 21:27:56 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wm0-x230.google.com with SMTP id v186so5638269wma.2; Wed, 15 Nov 2017 13:27:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Ft/Bdp82+IgtxCgEzUiHuO1PCLhNfATD9X5IjwRSpXA=; b=FeO/p6Dy8AkZIj1qKK4Yl+IVkI8AQZABHd1pW5LYqfmTXr3mcirLJ2LHcYgu95T0KB xMSGL+q7XQPykmtCy4NQsih4dgrLs0/kPuJBxZZFPnTp3bFjSmVz/mk51gOdrQnt3tOq Kv+l4HQrkfRwE6InJbSOdDcd740A+xyd/7T44aalFhji4m2BPEmsoBwpClv0ef/irphc FPllg/y8ahVfz0Q7MYPBRJI66xqHESjoHRSoQ8Z1CKtq6cCKvvptPttuqqr3WgWEzpo9 stm9VyQUEPn3/wrhuHxJNSsNjlC0cdf2Jk1KIsO26S3QFYkLIldyy//sRPH+QfZBCO2J +wPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; 
From: Cos Chan
Date: Wed, 15 Nov 2017 22:27:53 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Kurt Lidl
Cc: Ian Smith, freebsd-questions, Michael Ross

On Wed, Nov 15, 2017 at 5:02 PM, Kurt Lidl wrote:

> On 11/15/17 6:46 AM, Cos Chan wrote:
>
>> blacklistd.log:
>> Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
>> Nov 15 12:15:40 res blacklistd[22100]: rule exists OK
>> Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
>
> The "-1 seconds" looks fishy to me.
>
> What is the /etc/blacklistd.conf on this machine?

The blacklistd.conf was as below when I got the above logs:

# adr/mask:port type    proto   owner   name    nfail   disable
[local]
ssh             stream  *       *       *       2       *
ftp             stream  *       *       *       2       *
smtp            stream  *       *       *       2       *

# adr/mask:port type    proto   owner   name    nfail   disable
[remote]

> -Kurt

--
with kind regards

From owner-freebsd-questions@freebsd.org Wed Nov 15 21:56:30 2017
Message-ID: <1510782959.74436.0.camel@yandex.com>
Subject: Re: Updating Instructions
From: Stari Karp
To: Arthur Chance, Baho Utot, freebsd-questions@freebsd.org
Date: Wed, 15 Nov 2017 16:55:59 -0500

On Tue, 2017-11-14 at 13:00 +0000, Arthur Chance wrote:
> On 14/11/2017 12:47, Baho Utot wrote:
> >
> > On 11/14/17 03:29, Carmel NY wrote:
> > > Out of morbid curiosity, I was just wondering why instructions for
> > > updating a moved or discontinued port are never posted for "synth",
> > > like they are for "portupgrade" or "portmaster" in the UPDATING file?
> > > An example would be the recent 20171112 change in the
> > > devel/oniguruma* port.
> >
> > I think it is because synth is a bad word around here
>
> More likely that very few of us knew about it. This thread was the first
> time I heard of it. I've been using poudriere since shortly after it
> came out, and it works fine for me.

I have been using it since it came out and I do not have any problems with ports.

From owner-freebsd-questions@freebsd.org Wed Nov 15 22:13:43 2017
In-Reply-To: <7961d19a-bc0c-6dc4-771e-f702ce741144@FreeBSD.org>
From: Cos Chan
Date: Wed, 15 Nov 2017 23:13:39 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Kurt Lidl
Cc: Ian Smith, freebsd-questions, Michael Ross

On Mon, Nov 13, 2017 at 6:37 PM, Kurt Lidl wrote:

> Greetings all!
>
> Sorry for not being responsive to your request for help sooner.
>
> I had a bit of a hardware crisis here last week, where
> what I thought was merely a blown power supply turned
> out to be a failed motherboard. Getting the 2.5" SAS
> drives back up and running in a different machine took
> far longer than I would have guessed. That, along with
> a secondary MX host that was offline for the first 36
> hours after the main mail server went down was a cause
> for additional excitement.
>
> Anyway.
>
> I've read through the mail exchange, although it's a bit
> hard to follow all of it.
>
> I'll offer a couple of observations about blacklistd
> and how it operates, and maybe that will shed some light
> on the problem at hand. If not, well, I'd like to start
> fresh with the current configuration, and what you're
> seeing on your host.

Sorry, I didn't get this email before; thanks to Ian for forwarding it to me.

> Observations that might help:
>
> 1) The blacklistd support in 11.0 was broken in a couple
> of significant ways. The blacklistd support in 11.1 is
> thought to be fully functional. If you're not running 11.1,
> you will need to update to 11.1.

The FreeBSD version is:
11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug 9 11:17:49 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

> 2) I only use blacklistd with 'pf' in my day-to-day usage.
> I extended the support in blacklistd-helper to hopefully
> handle both ipfw and ipf, and it seemed to work OK for my
> test setup. HOWEVER, it is entirely possible that the way
> I did the ipf/ipfw support has a flaw (or more) in it.
>
> 3) The changes to the various daemons to support the
> blacklist just enable sending messages (and a copy of the
> fd of socket) to the blacklist daemon. The blacklist daemon
> will extract information from the kernel about the socket's
> other end (ie, the information about the remote system),
> and stores that information in a database.
>
> 4) After the information is stored in the database, the
> blacklist daemon calls the blacklistd-helper script and
> that script is responsible for modifying the firewall
> rules that are in effect. If the script has a bug, it's
> entirely possible that the information in the database
> will be out of sync with the current firewall rules in
> effect.
>
> 5) If you're experiencing a situation where the number
> of login attempts is greater than the cutoff for the
> service (e.g., the "1662/1" noted in the email thread),
> that means that whatever firewall rule that is supposed
> to be blocking the service isn't blocking the traffic.
> (See next item for a case where the right rules are in
> the filter, but you still get a "modest" overage of
> attempts vs the cutoff.)
>
> 6) On a slow-ish single-CPU host (like the sparc64 that I use
> as my gateway), it's possible to get more attempts than
> the cutoff for a persistent, high-speed attacker.
>
> Basically, it takes so long before the system context switches
> to the blacklist daemon, and the entry gets added to the pf table.
> Where "so long" is still less than a second, but the machine has
> already seen 10 or 12 attempts!
>
> For example, here's a partial list of what my gateway is reporting
> right now:
>
> root@gatekeeper-130: blacklistctl dump -a
>         address/ma:port id      nfail   last access
> [...]
>  61.126.187.219/32:22   OK      3/3     2017/11/12 17:31:40
>   156.212.51.78/32:22   OK      23/3    2017/11/12 19:09:38
>  179.53.156.109/32:22   OK      3/3     2017/11/12 19:58:57
> 220.174.236.220/32:22           2/3     2017/11/12 23:39:58
>  198.245.63.120/32:22   OK      3/3     2017/11/13 10:36:15
>
> You can see a couple of "normally blocked" attempts (3/3),
> a single IP address that has 2 of 3 attempts, and a very,
> very persistent/fast host that got in 23 attempts before
> it got blocked.

I understand, but as you may see, my problem is that the number increased after the address was blocked.

> 7) There was a note about different usernames from the same
> remote host. The blacklist support currently does not
> differentiate between usernames. It is just counting the
> number of attempts from a remote IP address.
>
> There's unfinished support for having a "known bad" set of usernames,
> where a single login attempt for that username will block
> the remote address. This will allow (when finished), easy
> blocking of the twenty or so most common usernames that are
> probed.

That is great. My problem is that one connection with one failure from sshd was not registered in blacklistd as one failure.

> Hopefully this will help.
>
> -Kurt

--
with kind regards

From owner-freebsd-questions@freebsd.org Thu Nov 16 04:33:11 2017
Date: Thu, 16 Nov 2017 04:22:56 +0000 (UTC)
From: Jin Guojun
Reply-To: Jin Guojun
To: FreeBSD Questions Mailing List, "freebsd-wireless@freebsd.org"
Message-ID: <1549082696.1167092.1510806176761@mail.yahoo.com>
Subject: AR9565 wireless chip support

Although the handbook does not say that the Atheros AR95xx is supported at the current stage, ath(4) in both 10.4-R and 11.1-R seems able to connect to the AP for a short time. wlan0 can obtain the IP address via DHCP, but just cannot stay connected after getting the IP (no carrier).

Is there anywhere in the driver we can tweak to make this chip work?

Thanks,
-Jin

From owner-freebsd-questions@freebsd.org Thu Nov 16 07:27:23 2017
From: Cos Chan
Date: Thu, 16 Nov 2017 08:27:20 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Ian Smith
Cc: freebsd-questions, Michael Ross, Kurt Lidl

>>
>> > > You might instead try MaxAuthTries 4 .. sshd_config(5) says:
>> > >
>> > >      MaxAuthTries
>> > >              Specifies the maximum number of authentication attempts
>> > >              permitted per connection. Once the number of failures
>> > >              reaches half this value, additional failures are logged.
>> > >              The default is 6.
>> > >
>> > > Half of 3 as an integer is only 1, but half of 4 is 2. See if it helps?
>>
>> > I didn't change the MaxAuthTries, since I found something interesting from
>> > the different logs concerning that issue:
>> >
>> > From blacklistctl dump:
>> >
>> > $ sudo blacklistctl dump
>> >         address/ma:port id      nfail   last access
>> >    78.203.146.34/32:22           0/1     1970/01/01 01:00:00
>> >   195.225.116.21/32:22           0/1     1970/01/01 01:00:00
>> >    123.31.26.123/32:22           0/1     1970/01/01 01:00:00
>> >   112.148.101.13/32:22           0/1     1970/01/01 01:00:00
>> >       93.23.6.18/32:22           0/1     1970/01/01 01:00:00
>> >    5.102.197.124/32:22           0/1     1970/01/01 01:00:00
>> >   193.154.127.32/32:22           0/1     1970/01/01 01:00:00
>> >   113.232.216.41/32:22           0/1     1970/01/01 01:00:00
>> >
>> > From sshd log:
>> >
>> > Nov 10 17:57:41 res sshd[49839]: Invalid user pi from 193.154.127.32
>> > Nov 10 17:57:41 res sshd[49840]: Invalid user pi from 193.154.127.32
>> > Nov 10 17:57:41 res sshd[49840]: input_userauth_request: invalid user pi [preauth]
>> > Nov 10 17:57:41 res sshd[49839]: input_userauth_request: invalid user pi [preauth]
>>
>> Note the two different PIDs on these, indicating sshd handling two
>> separate connections. From above, MaxAuthTries limits the maximum
>> number of attempts _per_connection_. So each of these indicate only one
>> (or possibly two, as again from above, only those greater than half of
>> the maximum (here 3/2 = 1) are supposedly logged by sshd).
>>
>> I don't know just what sshd reports to blacklistd in what circumstances,
>> nor how those are reflected in blacklistd's logging .. Kurt likely does.
>>
>> > Nov 11 03:50:47 res sshd[57896]: Invalid user support from 123.31.26.123
>> > Nov 11 03:50:47 res sshd[57896]: input_userauth_request: invalid user support [preauth]
>> > Nov 11 03:50:47 res sshd[57896]: error: Received disconnect from 123.31.26.123 port 55811:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> That's on one PID, ie one connection. Less than three failures on it.
>>
>> > Nov 11 03:50:49 res sshd[57898]: Invalid user admin from 123.31.26.123
>> > Nov 11 03:50:49 res sshd[57898]: input_userauth_request: invalid user admin [preauth]
>> > Nov 11 03:50:49 res sshd[57898]: error: Received disconnect from 123.31.26.123 port 57823:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> Ditto.
>>
>> > Nov 11 03:50:51 res sshd[57900]: Invalid user admin from 123.31.26.123
>> > Nov 11 03:50:51 res sshd[57900]: input_userauth_request: invalid user admin [preauth]
>> > Nov 11 03:50:51 res sshd[57900]: error: Received disconnect from 123.31.26.123 port 59819:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> Another.
>>
>> > Nov 11 03:50:53 res sshd[57902]: Invalid user ubnt from 123.31.26.123
>> > Nov 11 03:50:53 res sshd[57902]: input_userauth_request: invalid user ubnt [preauth]
>> > Nov 11 03:50:53 res sshd[57902]: error: Received disconnect from 123.31.26.123 port 61795:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> Again.
>>
>> > Nov 11 03:50:55 res sshd[57904]: Invalid user PlcmSpIp from 123.31.26.123
>> > Nov 11 03:50:55 res sshd[57904]: input_userauth_request: invalid user PlcmSpIp [preauth]
>> > Nov 11 03:50:55 res sshd[57904]: error: Received disconnect from 123.31.26.123 port 61920:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> Again.
>>
>> > Nov 11 03:50:57 res sshd[57906]: Invalid user admin from 123.31.26.123
>> > Nov 11 03:50:57 res sshd[57906]: input_userauth_request: invalid user admin [preauth]
>> > Nov 11 03:50:57 res sshd[57906]: error: Received disconnect from 123.31.26.123 port 61949:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
>>
>> And yet another. There's no indication that sshd is - or is supposed to
>> be - keeping track of separate connections from the same IP address.
>>
>
> I agree that sshd should not keep track of the IP, but blacklistd should.
>
>
>>
>> > I see 2 problems:
>> >
>> > Problem 1:
>> > The IP 193.154.127.32 didn't reach sshd maximum authentication (=3), it
>> > tried only 2 times.
>>
>> Perhaps rather, only once or twice on each of two separate connections?
>>
>> > But in my opinion it should be recorded to blacklistd as 2/1 instead of 0/1.
>>
>> I gather that it would take 3 failed logins on any _one_ connection to
>> report it as _one_ failure to blacklistd.
>>
>
> Is this reasonable? In case one IP was using thousands of connections which
> failed once per connection, then it will never be banned by blacklistd
> (unless the maxauth of sshd is 1)?
>

In that case I tested sshd MaxAuthTries=1 and blacklistd nfail=1 and still get a weird entry.

$ sudo blacklistctl dump
        address/ma:port id      nfail   last access
      57.83.1.58/32:22           0/1     1970/01/01 01:00:00

$ sudo cat auth.log | grep 57.83.1.58
Nov 16 07:04:17 res sshd[31112]: Invalid user pi from 57.83.1.58
Nov 16 07:04:17 res sshd[31113]: Invalid user pi from 57.83.1.58
Nov 16 07:04:17 res sshd[31112]: Connection closed by 57.83.1.58 port 51140 [preauth]
Nov 16 07:04:17 res sshd[31113]: Connection closed by 57.83.1.58 port 51144 [preauth]

$ cat blacklistd-helper.log | grep 'Nov 16'
...
Thu Nov 16 07:01:28 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 120.237.88.186 32 22
Thu Nov 16 07:14:05 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 139.59.111.224 32 22

No action from blacklistd-helper? How could that entry be added to the database? There are no related logs from blacklistd either:

$ cat blacklistd.log | grep 'Nov 16'
...
Nov 16 07:01:28 res blacklistd[23916]: blocked 120.237.88.186/32:22 for -1 seconds
Nov 16 07:14:05 res blacklistd[23916]: blocked 139.59.111.224/32:22 for -1 seconds

--
with kind regards
From owner-freebsd-questions@freebsd.org Thu Nov 16 14:54:07 2017
Date: Fri, 17 Nov 2017 01:53:54 +1100 (EST)
From: Ian Smith
To: Kurt Lidl
cc: Cos Chan, freebsd-questions, Michael Ross
Subject: Re: How to setup IPFW working with blacklistd
Message-ID: <20171117005738.V72828@sola.nimnet.asn.au>

On Wed, 15 Nov 2017 11:02:30 -0500, Kurt Lidl wrote:
 > On 11/15/17 6:46 AM, Cos Chan wrote:
 >
 > > blacklistd.log:
 > > Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
 > > Nov 15 12:15:40 res blacklistd[22100]: rule exists OK
 > > Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
 >
 > The "-1 seconds" looks fishy to me.
 >
 > What is the /etc/blacklistd.conf on this machine?

Whether or not the first block succeeded, which if it had, should have
precluded another one two minutes later .. just on this point:

-1 here means "never remove" ie duration='*', like nfail='*' is also set
to -1 for 'never block'. Noticed in ..

[ here /usr/head/src/contrib/blacklist/ ]
bin/blacklistd.c:
update(void)
[..]
                if (c.c_duration == -1 || when >= ts.tv_sec)    <<<----
                        continue;
                if (dbi.id[0]) {
                        run_change("rem", &c, dbi.id, 0);
                        sockaddr_snprintf(buf, sizeof(buf), "%a", ss);
                        syslog(LOG_INFO, "released %s/%d:%d after %d seconds",
                            buf, c.c_lmask, c.c_port, c.c_duration);
                }
                state_del(state, &c);

One of the problems with blacklistd-helper is that return codes from it
are mostly not checked, in some cases it's run as (void)run_change(..)
so it's dependent on the helper script succeeding, and simply ignores
any indicated failure - except possibly for an add operation, where it
returns -1 if it gets a NULL response (empty string I assume) otherwise
it returns 0 after copying the output string to the id (here always OK)
.. but it seems nothing cares about the return code either way ..

A bit more about making the script more robust - and more informative
for debugging, at least re ipfw - is slowly brewing, but I'm running out
of spare time at the moment, and will have to quit digging this deep
into code I'm unlikely ever to run myself :)

[ Cos, do you get any different behaviour if you set duration to some
value other than '*'?
30d should be near enough forever for testing ]

cheers, Ian

From owner-freebsd-questions@freebsd.org Thu Nov 16 14:57:40 2017
Reply-To: lidl@FreeBSD.org
Subject: Re: How to setup IPFW working with blacklistd
To: Cos Chan, Ian Smith
Cc: freebsd-questions, Michael Ross
From: Kurt Lidl
Message-ID: <5bfc5ffc-dc78-78e5-4bb8-a166db2027b5@FreeBSD.org>
Date: Thu, 16 Nov 2017 09:57:31 -0500

On 11/16/17 2:27 AM, Cos Chan wrote:
> In that case I test sshd MaxAuthTries=1 and blacklistd nfail=1 and still
> get weird entry.
>
> $ sudo blacklistctl dump
>         address/ma:port id      nfail   last access
>      57.83.1.58/32:22           0/1     1970/01/01 01:00:00
>
> $ sudo cat auth.log | grep 57.83.1.58
> Nov 16 07:04:17 res sshd[31112]: Invalid user pi from 57.83.1.58
> Nov 16 07:04:17 res sshd[31113]: Invalid user pi from 57.83.1.58
> Nov 16 07:04:17 res sshd[31112]: Connection closed by 57.83.1.58 port 51140 [preauth]
> Nov 16 07:04:17 res sshd[31113]: Connection closed by 57.83.1.58 port 51144 [preauth]
>
> $ cat blacklistd-helper.log | grep 'Nov 16'
> ...
> Thu Nov 16 07:01:28 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 120.237.88.186 32 22
> Thu Nov 16 07:14:05 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 139.59.111.224 32 22
>
> No action from blacklistd-helper? how could that entry be added to database?
>
> no logs concerning from blacklistd either
>
> $ cat blacklistd.log | grep 'Nov 16'
> ...
> Nov 16 07:01:28 res blacklistd[23916]: blocked 120.237.88.186/32:22 for -1 seconds
> Nov 16 07:14:05 res blacklistd[23916]: blocked 139.59.111.224/32:22 for -1 seconds

Pre-auth failures from sshd, where the username isn't found ("Invalid
user pi"), don't count against failed login attempts, because no
authorization was ever attempted by sshd.

I made the decision not to count these against the limit in blacklistd.

There is a message sent from sshd to blacklistd when this occurs (bad
username), but this is the part that isn't implemented in the backend,
for banning addresses that hit known-bad usernames.

I suppose the case could be made that a bad username is just as serious
as a bad password for an existing username. But that's not what the
code does currently.
Obviously, the code could be changed to act differently in this case.

Blacklistd did not originally have any message types, other than
"login successful" and "login failed" for each address.
The "login successful" messages cleared all failed login attempts
for a given address. The "login failed" messages added one to the
count of failed logins for an address. If the count was over the
limit for that service (aka port), an attempt was made to insert
rule(s) into the packet filter to block that address.

I've added the "abusive behavior" message type, so an application
can signal blacklistd that they want the remote address blocked
immediately. The only thing that sends that is the patches to
sendmail that I have been testing. (Not even the patches in the
/usr/ports do it yet, as that capability didn't exist when I wrote
that set of patches.) The sshd daemon (currently) never sends
"abusive behavior" messages.

The "bad username" message (again, not yet implemented in the backend),
is intended to allow the administrator to configure a list of
bad usernames. If usernames on this list are flagged from an
application, the remote address should be blocked immediately.

I've struggled a bit in terms of the design for this -- the list of
usernames cannot be tied to password file entries - obviously
one might like to have "pi" on the list of forbidden names, even
though no account exists. I'm also torn about the right way
to link up the blacklist rules with the name of the list of
bad usernames to check against.

While I imagine more admins would like to have a single list of
bad usernames, and use that one list for smtp, sshd and whatever
else, others might want to have different lists for one or more
services.

I really should implement *something* and just accept that it will
be flawed and need refinement.
-Kurt

From owner-freebsd-questions@freebsd.org Thu Nov 16 19:29:31 2017
From: javocado
Date: Thu, 16 Nov 2017 11:29:29 -0800
Subject: IPFW: Why can I add port numbers to established and what does that do ?
To: freebsd-questions@freebsd.org

Almost every single ipfw ruleset I create has this as the very first rule:

allow tcp from any to any established

... and I just noticed that ipfw allows me to specify a port on this rule:

allow tcp from any to any 22 established

If I create a new connection to port 22, I need a rule to allow port 22
traffic out:

allow tcp from any to any 22

... but once that connection is established, doesn't the client begin
talking to the server on an ephemeral port (not 22) that isn't predictable ?

Why would it ever make sense to specify a port on established ?
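The blacklistd behaviour described earlier in this thread (Kurt Lidl's counting rules, the -1 values Ian Smith points out, and his remark about unchecked helper return codes), modelled as an added C example that is not blacklistd's source. The type and function names are hypothetical, the expiry time is assumed to be last counted event plus duration, and acting on the helper's result is this example's own choice, not what blacklistd does.

```c
#include <stdio.h>

/* Hypothetical names for the four message types described in the thread. */
enum bl_msg { MSG_AUTH_OK, MSG_AUTH_FAIL, MSG_ABUSIVE, MSG_BAD_USER };

/* One blacklistd.conf rule; -1 stands for '*' in either field. */
struct bl_conf {
    int nfail;      /* failures before blocking; -1 = never block */
    long duration;  /* seconds a block is kept; -1 = never remove */
};

/* Per-address state, the columns "blacklistctl dump" prints. */
struct bl_entry {
    int count;      /* failures counted so far */
    int blocked;    /* 1 once a filter rule has been installed */
    long last;      /* time of last counted event; 0 prints as 1970/01/01 */
};

/* Stand-in for blacklistd-helper: 0 on success, non-zero on failure. */
typedef int (*helper_fn)(const char *op);
static int helper_ok(const char *op)   { (void)op; return 0; }
static int helper_fail(const char *op) { (void)op; return 1; }

/*
 * Apply one message from a daemon. Returns 1 if this call blocked the
 * address, -1 if a block was due but the helper failed, 0 otherwise.
 */
int bl_apply(struct bl_entry *e, const struct bl_conf *c, enum bl_msg m,
             long now, helper_fn helper)
{
    switch (m) {
    case MSG_AUTH_OK:           /* a successful login clears the count */
        e->count = 0;
        return 0;
    case MSG_BAD_USER:          /* received, but nothing is counted */
        return 0;
    case MSG_AUTH_FAIL:
        e->count++;
        break;
    case MSG_ABUSIVE:           /* block at once: jump to the limit */
        if (c->nfail > e->count)
            e->count = c->nfail;
        break;
    }
    e->last = now;
    /* The dumps in the thread show blocked entries at 2/2, so the model
     * blocks when the count reaches nfail. */
    if (c->nfail == -1 || e->blocked || e->count < c->nfail)
        return 0;
    if (helper("add") != 0)
        return -1;              /* do not record a rule that was not added */
    e->blocked = 1;
    return 1;
}

/* Periodic sweep after the update() excerpt: duration -1 is skipped.
 * Returns 1 if the entry was removed. */
int bl_expire(struct bl_entry *e, const struct bl_conf *c, long now)
{
    long when = e->last + c->duration;   /* assumption, see lead-in */

    if (c->duration == -1 || when >= now)
        return 0;
    *e = (struct bl_entry){0, 0, 0};     /* rule removed, state deleted */
    return 1;
}

int main(void)
{
    /* Constructed replay: nfail=1, duration='*', as in the thread. */
    struct bl_conf c = {1, -1};
    struct bl_entry e = {0, 0, 0};
    int r;

    bl_apply(&e, &c, MSG_BAD_USER, 1000, helper_ok);
    bl_apply(&e, &c, MSG_BAD_USER, 1000, helper_ok);
    printf("two bad-user messages: %d/%d blocked=%d last=%ld\n",
           e.count, c.nfail, e.blocked, e.last);

    r = bl_apply(&e, &c, MSG_AUTH_FAIL, 1001, helper_fail);
    printf("failed login, helper fails: result=%d blocked=%d\n", r, e.blocked);

    r = bl_apply(&e, &c, MSG_AUTH_FAIL, 1002, helper_ok);
    printf("failed login, helper ok:    result=%d blocked=%d\n", r, e.blocked);

    printf("sweep one year later: removed=%d\n",
           bl_expire(&e, &c, 1002 + 31536000L));
    return 0;
}
```

The first printed line reproduces the 0/1 entry with a 1970 timestamp from the dump: the address is known, but nothing has been counted against it.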
From owner-freebsd-questions@freebsd.org Thu Nov 16 19:30:11 2017
From: javocado
Date: Thu, 16 Nov 2017 11:30:09 -0800
Subject: ipfw setup keyword - with and without ...
To: freebsd-questions@freebsd.org

Here are two simple rulesets:

Code:

10 allow tcp from any to any established
20 allow tcp from any to any 22
65535 deny ip from any to any

OR:

Code:

10 allow tcp from any to any established
20 allow tcp from any to any 22 setup
65535 deny ip from any to any

The difference is that the second ruleset has 'setup' modifying the rule
that lets in the traffic we want.

From what I can tell, in actual day to day use, these two rulesets behave
identically.

Am I correct:

I *think* the difference between these is that the second ruleset (with
'setup') is slightly stricter because TCP *fragments* that are not part of
any connection would be allowed through the first ruleset, but would be
blocked by the second ruleset.

Because only a TCP fragment would be *neither* part of connection setup
*nor* part of an established connection.

Is that correct ?
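For the two ipfw questions above, an added C example (not from the thread) that evaluates the quoted rules against constructed TCP segments, using the ipfw(8) definitions: `established` matches segments with the RST or ACK bit set, `setup` matches segments with SYN set and ACK clear. It models unfragmented segments and destination-port matching only; the struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits. */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_RST 0x04
#define F_PSH 0x08
#define F_ACK 0x10

/* One unfragmented TCP segment, reduced to what the rules inspect. */
struct seg {
    const char *what;
    uint16_t sport, dport;
    uint8_t flags;
};

enum opt { OPT_NONE, OPT_ESTABLISHED, OPT_SETUP };

/* Model of "allow tcp from any to any [dport] [option]"; dport 0 = any. */
struct rule {
    uint16_t dport;
    enum opt opt;
};

/* ipfw(8): established matches TCP packets with the RST or ACK bit set. */
static bool is_established(uint8_t f) { return (f & (F_RST | F_ACK)) != 0; }

/* ipfw(8): setup matches TCP packets with SYN set and ACK clear. */
static bool is_setup(uint8_t f) { return (f & F_SYN) != 0 && (f & F_ACK) == 0; }

static bool rule_matches(const struct rule *r, const struct seg *s)
{
    if (r->dport != 0 && r->dport != s->dport)
        return false;
    if (r->opt == OPT_ESTABLISHED)
        return is_established(s->flags);
    if (r->opt == OPT_SETUP)
        return is_setup(s->flags);
    return true;
}

/* First matching allow rule wins; no match falls to 65535, deny. */
static bool allows(const struct rule *rs, size_t n, const struct seg *s)
{
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rs[i], s))
            return true;
    return false;
}

/* Rules 10 and 20 of each ruleset from the message. */
static const struct rule plain_rules[] = { {0, OPT_ESTABLISHED}, {22, OPT_NONE} };
static const struct rule setup_rules[] = { {0, OPT_ESTABLISHED}, {22, OPT_SETUP} };
/* "allow tcp from any to any 22 established" on its own. */
static const struct rule port_est_rule = {22, OPT_ESTABLISHED};

/* Constructed samples; 51140 stands in for a client's ephemeral port. */
static const struct seg samples[] = {
    {"SYN      client -> :22", 51140, 22, F_SYN},
    {"SYN+ACK  :22 -> client", 22, 51140, F_SYN | F_ACK},
    {"ACK+PSH  client -> :22", 51140, 22, F_ACK | F_PSH},
    {"ACK+PSH  :22 -> client", 22, 51140, F_ACK | F_PSH},
    {"FIN only client -> :22", 51140, 22, F_FIN},
    {"no flags client -> :22", 51140, 22, 0},
    {"SYN      client -> :23", 51140, 23, F_SYN},
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

bool plain_allows(size_t i) { return allows(plain_rules, 2, &samples[i]); }
bool setup_allows(size_t i) { return allows(setup_rules, 2, &samples[i]); }
bool port_est_matches(size_t i) { return rule_matches(&port_est_rule, &samples[i]); }

int main(void)
{
    printf("%-24s %-7s %-7s %s\n", "segment", "plain", "setup", "22 established");
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("%-24s %-7s %-7s %s\n", samples[i].what,
               plain_allows(i) ? "allow" : "deny",
               setup_allows(i) ? "allow" : "deny",
               port_est_matches(i) ? "match" : "no match");
    return 0;
}
```

In this model the two rulesets differ only on segments to port 22 that carry none of SYN, ACK or RST, and the port-qualified `established` rule matches only segments whose destination port is 22.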
From owner-freebsd-questions@freebsd.org Thu Nov 16 20:02:16 2017
Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
To: javocado, freebsd-questions@freebsd.org
From: Tim Daneliuk
Date: Thu, 16 Nov 2017 14:01:58 -0600

On 11/16/2017 01:29 PM, javocado wrote:
> Almost every single ipfw ruleset I create has this as the very first rule:
>
> allow tcp from any to any established
>
> ... and I just noticed that ipfw allows me to specify a port on this rule:
>
> allow tcp from any to any 22 established
>
> If I create a new connection to port 22, I need a rule to allow port 22
> traffic out:
>
> allow tcp from any to any 22
>
> ... but once that connection is established, doesn't the client begin
> talking to the server on an ephemeral port (not 22) that isn't predictable ?
>
> Why would it ever make sense to specify a port on established ?

If you are running your own sshd *server*, then you need rules that
allow all or some to connect *to* your machine.
If you are running an ssh *client*, you need to first allow access *out*
via port 22 to get to the remote servers. Thereafter - as you suggest -
the server and client rendezvous and establish a permanent connection on
another port (and the server goes back to listening on 22). So, the
firewall has to permit access to the established session w/o knowing
which port will be used ahead of time.

----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

From owner-freebsd-questions@freebsd.org Thu Nov 16 21:03:26 2017
In-Reply-To: <5bfc5ffc-dc78-78e5-4bb8-a166db2027b5@FreeBSD.org>
From: Cos Chan
Date: Thu, 16 Nov 2017 22:03:22 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Kurt Lidl
Cc: Ian Smith, freebsd-questions, Michael Ross

On Thu, Nov 16, 2017 at 3:57 PM, Kurt Lidl wrote:

> On 11/16/17 2:27 AM, Cos Chan wrote:
>
>> In that case I test sshd
>> MaxAuthTries=1 and blacklistd nfail=1 and still get weird entry.
>>
>> $ sudo blacklistctl dump
>>         address/ma:port id      nfail   last access
>>      57.83.1.58/32:22           0/1     1970/01/01 01:00:00
>>
>> $ sudo cat auth.log | grep 57.83.1.58
>> Nov 16 07:04:17 res sshd[31112]: Invalid user pi from 57.83.1.58
>> Nov 16 07:04:17 res sshd[31113]: Invalid user pi from 57.83.1.58
>> Nov 16 07:04:17 res sshd[31112]: Connection closed by 57.83.1.58 port 51140 [preauth]
>> Nov 16 07:04:17 res sshd[31113]: Connection closed by 57.83.1.58 port 51144 [preauth]
>>
>> $ cat blacklistd-helper.log | grep 'Nov 16'
>> ...
>> Thu Nov 16 07:01:28 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 120.237.88.186 32 22
>> Thu Nov 16 07:14:05 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 139.59.111.224 32 22
>>
>> No action from blacklistd-helper? how could that entry be added to
>> database?
>>
>> no logs concerning from blacklistd either
>>
>> $ cat blacklistd.log | grep 'Nov 16'
>> ...
>> Nov 16 07:01:28 res blacklistd[23916]: blocked 120.237.88.186/32:22 for -1 seconds
>> Nov 16 07:14:05 res blacklistd[23916]: blocked 139.59.111.224/32:22 for -1 seconds
>>
>
> Pre-auth failures from sshd, where the username isn't found ("Invalid user
> pi"), don't count against failed login attempts, because no
> authorization was ever attempted by sshd.
>
> I made the decision not to count these against the limit in blacklistd.
>

I am curious why not. In my opinion the text in blacklistd man page is
quite good and clear:

"The nfail field contains the number of failed attempts before access is
blocked"

In my opinion the bad username attempts are exactly same as bad password
attempts, all of them are failed attempts.

>
> There is a message sent from sshd to blacklistd when this occurs (bad
> username), but this is the part that isn't implemented in the backend,
> for banning addresses that hit known-bad usernames.
>
> I suppose the case could be made that a bad username is just as serious
> as a bad password for an existing username. But that's not what the
> code does currently. Obviously, the code could be changed to act
> differently in this case.
>

agree, same serious as bad password.

>
> Blacklistd did not originally have any message types, other than
> "login successful" and "login failed" for each address.
> The "login successful" messages cleared all failed login attempts
> for a given address. The "login failed" messages added one to the
> count of failed logins for an address. If the count was over the
> limit for that service (aka port), an attempt was made to insert
> rule(s) into the packet filter to block that address.
>
> I've added the "abusive behavior" message type, so an application
> can signal blacklistd that they want the remote address blocked
> immediately. The only thing that sends that is the patches to
> sendmail that I have been testing. (Not even the patches in the
> /usr/ports do it yet, as that capability didn't exist when I wrote
> that set of patches.) The sshd daemon (currently) never sends
> "abusive behavior" messages.
>
> The "bad username" message (again, not yet implemented in the backend),
> is intended to allow the administrator to configure a list of
> bad usernames. If usernames on this list are flagged from an
> application, the remote address should be blocked immediately.
>
> I've struggled a bit in terms of the design for this -- the list of
> usernames cannot be tied to password file entries - obviously
> one might like to have "pi" on the list of forbidden names, even
> though no account exists. I'm also torn about the right way
> to link up the blacklist rules with the name of the list of
> bad usernames to check against.
>
> While I imagine more admins would like to have a single list of
> bad usernames, and use that one list for smtp, sshd and whatever
> else, others might want to have different lists for one or more
> services.
>

I don't fully understand the reason to design different policy for bad
username than bad password.

To my knowledge there could be 3 kinds of bad login attempts: bad
username, bad password and bad authentication method (this one only for
sshd?).

Forget username and try several times is acceptable, same as other 2
kinds of attempts. And if tried too many times, it should be blocked as
attack. Also same as other 2 kinds of attempts.

I would like to see blacklistd only managing bad attempts no matter
which kind of attempt it is.

>
> I really should implement *something* and just accept that it will
> be flawed and need refinement.
>
> -Kurt
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Thu Nov 16 21:21:28 2017
Date: Thu, 16 Nov 2017 15:59:21 -0500 (EST)
From: DTD
To: FreeBSD
Subject: Re: Drupal vs. Wordpress

IMO the answer somewhat depends on if this is for you personally or
something you are going to offer as a service. If you know PHP and are
comfortable writing/hacking code PHP fragments it might be drupal would
serve you better. If it is a commercial offering we decided on wordpress.
If it's for you, why not try both.

At the entry level they have similar interfaces. Both install easily. If
you know CSS and HTML virtually anything is possible with wordpress with
no PHP knowledge being needed. There are literally millions of plug-ins
to extend wordpress in various areas. Drupal up to the current version
considers backward compatibility a weakness. PHP must also be up-to-date.

The main issue (I have) with wordpress is the original developer is
having a food fight with the CMS wordpress users and developers in that
his company (Automattic) wants to go in a different direction and (at
least initially) take wordpress along for the ride. The FreeBSD parallel
would have been if sendmail.com forced changes on the Unix community as
a whole. The wordpress issue is kind of interesting and maybe should
even be investigated to see what the effect would be for a commercial
offering. For a personal or a single corporate website it is IMO largely
irrelevant (but entertaining).
_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277

From owner-freebsd-questions@freebsd.org Thu Nov 16 21:37:53 2017
In-Reply-To: <5bfc5ffc-dc78-78e5-4bb8-a166db2027b5@FreeBSD.org>
From: Cos Chan
Date: Thu, 16 Nov 2017 22:37:49 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Kurt Lidl
Cc: Ian Smith, freebsd-questions, Michael Ross

On Thu, Nov 16, 2017 at 3:57 PM, Kurt Lidl wrote:

> On 11/16/17 2:27 AM, Cos Chan wrote:
>
>> In that case I test sshd MaxAuthTries=1 and blacklistd nfail=1 and still
>> get weird entry.
>>
>> $ sudo blacklistctl dump
>> address/ma:port        id      nfail   last access
>> 57.83.1.58/32:22               0/1     1970/01/01 01:00:00
>>
>> $ sudo cat auth.log | grep 57.83.1.58
>> Nov 16 07:04:17 res sshd[31112]: Invalid user pi from 57.83.1.58
>> Nov 16 07:04:17 res sshd[31113]: Invalid user pi from 57.83.1.58
>> Nov 16 07:04:17 res sshd[31112]: Connection closed by 57.83.1.58 port 51140 [preauth]
>> Nov 16 07:04:17 res sshd[31113]: Connection closed by 57.83.1.58 port 51144 [preauth]
>>
>> $ cat blacklistd-helper.log | grep 'Nov 16'
>> ...
>> Thu Nov 16 07:01:28 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 120.237.88.186 32 22
>> Thu Nov 16 07:14:05 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 139.59.111.224 32 22
>>
>> No action from blacklistd-helper? how could that entry be added to
>> database?
>>
>> no logs concerning from blacklistd either
>>
>> $ cat blacklistd.log | grep 'Nov 16'
>> ...
>> Nov 16 07:01:28 res blacklistd[23916]: blocked 120.237.88.186/32:22 for -1 seconds
>> Nov 16 07:14:05 res blacklistd[23916]: blocked 139.59.111.224/32:22 for -1 seconds
>>
>
> Pre-auth failures from sshd, where the username isn't found ("Invalid user
> pi"), don't count against failed login attempts, because no
> authorization was ever attempted by sshd.
>
> I made the decision not to count these against the limit in blacklistd.
>
> There is a message sent from sshd to blacklistd when this occurs (bad
> username), but this is the part that isn't implemented in the backend,
> for banning addresses that hit known-bad usernames.
>

Sorry, maybe forget my previous reply since I saw here something different?

auth.log:
Nov 16 21:31:06 res sshd[37726]: Invalid user a from 79.175.154.178
Nov 16 21:31:06 res sshd[37726]: error: maximum authentication attempts exceeded for invalid user a from 79.175.154.178 port 32900 ssh2 [preauth]
...
Nov 16 21:46:13 res sshd[37825]: Invalid user oracle from 79.175.154.178
Nov 16 21:46:13 res sshd[37825]: input_userauth_request: invalid user oracle [preauth]
Nov 16 21:46:13 res sshd[37825]: error: maximum authentication attempts exceeded for invalid user oracle from 79.175.154.178 port 53278 ssh2 [preauth]
Nov 16 21:46:13 res sshd[37825]: Disconnecting: Too many authentication failures [preauth]

Here it says invalid user, so it should not be registered as failed attempts? But it did.

$ sudo blacklistctl dump -b
address/ma:port        id      nfail   last access
79.175.154.178/32:22   OK      2/2     2017/11/16 21:46:13
82.135.31.115/32:22    OK      2/2     2017/11/16 21:43:45

The blacklistd-helper.log proves it was added by the invalid user attempts:

Thu Nov 16 21:46:13 CET 2017 /usr/libexec/blacklistd-helper run add blacklistd tcp 79.175.154.178 32 22

BTW, this shows exactly what Ian expected. One "maximum authentication attempts" (= 2 failed attempts on my host) means one nfail in blacklistd. It would be better to update the man page, which says "number of failed attempts".

And why are most invalid user attempts added as blocked entries, but still a few similar attempts are not added?
>
> -Kurt
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Thu Nov 16 21:40:56 2017
From: Cos Chan
Date: Thu, 16 Nov 2017 22:40:53 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Ian Smith
Cc: Kurt Lidl, freebsd-questions, Michael Ross

On Thu, Nov 16, 2017 at 3:53 PM, Ian Smith wrote:

> On Wed, 15 Nov 2017 11:02:30 -0500, Kurt Lidl wrote:
> > On 11/15/17 6:46 AM, Cos Chan wrote:
> >
> > > blacklistd.log:
> > > Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
> > > Nov 15 12:15:40 res blacklistd[22100]: rule exists OK
> > > Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 for -1 seconds
> >
> > The "-1 seconds" looks fishy to me.
> >
> > What is the /etc/blacklistd.conf on this machine?
>
> Whether or not the first block succeeded, which if it had, should have
> precluded another one two minutes later .. just on this point:
>
> -1 here means "never remove" ie duration='*', like nfail='*' is also set
> to -1 for 'never block'. Noticed in ..
>
> [ here /usr/head/src/contrib/blacklist/ ]
> bin/blacklistd.c: update(void)
> [..]
>     if (c.c_duration == -1 || when >= ts.tv_sec)    <<<----
>         continue;
>     if (dbi.id[0]) {
>         run_change("rem", &c, dbi.id, 0);
>         sockaddr_snprintf(buf, sizeof(buf), "%a", ss);
>         syslog(LOG_INFO, "released %s/%d:%d after %d seconds",
>             buf, c.c_lmask, c.c_port, c.c_duration);
>     }
>     state_del(state, &c);
>
> One of the problems with blacklistd-helper is that return codes from it
> are mostly not checked, in some cases it's run as (void)run_change(..)
> so it's dependant on the helper script succeeding, and simply ignores
> any indicated failure - except possibly for an add operation, where it
> returns -1 if it gets a NULL response (empty string I assume) otherwise
> it returns 0 after copying the output string to the id (here always OK)
> .. but it seems nothing cares about the return code either way ..
>
> A bit more about making the script more robust - and more informative
> for debugging, at least re ipfw - is slowly brewing, but I'm running out
> of spare time at the moment, and will have to quit digging this deep
> into code I'm unlikely ever to run myself :)
>
> [ Cos, do you get any different behaviour if you set duration to some
> value other than '*'? 30d should be near enough forever for testing ]
>

Right, I can't see the same "increased after ipfw blocked" issue while I change the * to 30d. I will check again tomorrow.
>
> cheers, Ian
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Thu Nov 16 22:05:24 2017
From: Outback Dingo
Date: Thu, 16 Nov 2017 23:04:40 +0100
Subject: Re: Drupal vs. Wordpress
To: DTD
Cc: FreeBSD

On Thu, Nov 16, 2017 at 9:59 PM, DTD wrote:

> IMO the answer somewhat depends on if this is for you personally or
> something you are going to offer as a service. If you know PHP and are
> comfortable writing/hacking code PHP fragments it might be drupal would
> serve you better. If it is a commercial offering we decided on wordpress. If
> it's for you, why not try both. At the entry level they have similar
> interfaces. Both install easily.
>
> If you know CSS and HTML virtually anything is possible with wordpress with
> no PHP knowledge being needed. There are literally millions of plug-ins to
> extend wordpress in various areas. Drupal up to the current version
> considers backward compatibility a weakness. PHP must also be up-to-date.
> The main issue (I have) with word press is the original developer is having
> a food fight with the CMS wordpress users and developers in that his company
> (Automattic) wants to go in a different direction and (at least initially)
> take wordpress along for the ride. The FreeBSD parallel would have been if
> sendmail.com forced changes on the Unix community as a whole.
>
> The wordpress issue is kind of interesting and maybe should even be
> investigated to see what the effect would be for a commercial offering. For
> a personal or a single corporate website it is IMO largely irrelevant (but
> entertaining).
>

IMHO don't use either of them, both have known issues with security

>
> _____
> Douglas Denault
> http://www.safeport.com
> doug@safeport.com
> Voice: 301-217-9220
> Fax: 301-217-9277
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

From owner-freebsd-questions@freebsd.org Thu Nov 16 23:11:27 2017
From: Ernie Luzar
Date: Thu, 16 Nov 2017 18:11:25 -0500
Subject: Re: fetchmail
To: Polytropon
Cc: "freebsd-questions@freebsd.org"

Polytropon wrote:
> On Wed, 15 Nov 2017 10:03:03 -0500, Ernie Luzar wrote:
>> Polytropon wrote:
>>> On Wed, 15 Nov 2017 09:17:44 -0500, Ernie Luzar wrote:
>>>> Is there a more modern port that does the same thing as fetchmail?
>>> What is "un-modern" about fetchmail?
>>>
>>>
>>
>> It's been around for a very long time and I have been using it almost
>> all that time. But lately been getting socket errors and other error
>> messages.
>
> One suggestion is to use an IP instead of a hostname for the
> server to fetch messages from:
>
> http://www.fvue.nl/wiki/Fetchmail:_socket_error_while_fetching_from_mail.example.com
>
> I don't think this is an ideal workaround (as IPs might change).
> Also the suggestions here (from the fetchmail web page) could
> help:
>
> http://www.catb.org/esr/fetchmail/fetchmail-FAQ.html#R6
>

That faq #6 talks about people who are using the PPP protocol which is not me. The bottom of that faq says to use ip address instead of fqdn.

> And another suggestion is to check if your configuration file
> has the "ssl" keyword added, for example with a configuration line
> in ~/.fetchmailrc (for user-local use) like this:
>
>     poll pop.example.com proto POP3 user pass fetchall flush ssl
>
> If you don't add "ssl", but the server does not support non-SSL
> connections, such socket errors might occur. See "man fetchmail"
> for option details.
>

I have ssl and port 995 options. Changed the remote server fqdn to its ip address and still got the same socket error. This is an informational only message that pops out a few times in a 24 hour period. Just one of those background noise issues that I am going to ignore. I shortened the timeout from 30 seconds to 3 seconds. Let's wait and see if that has any effect.

Thanks for your input.

From owner-freebsd-questions@freebsd.org Thu Nov 16 23:12:14 2017
From: "Valeri Galtsev"
Date: Thu, 16 Nov 2017 17:12:07 -0600 (CST)
Subject: Re: Drupal vs. Wordpress
To: "Outback Dingo"
Cc: "DTD", "FreeBSD"

On Thu, November 16, 2017 4:04 pm, Outback Dingo wrote:
> On Thu, Nov 16, 2017 at 9:59 PM, DTD wrote:
>> IMO the answer somewhat depends on if this is for you personally or
>> something you are going to offer as a service. If you know PHP and are
>> comfortable writing/hacking code PHP fragments it might be drupal would
>> serve you better. If it is a commercial offering we decided on wordpress. If
>> it's for you, why not try both. At the entry level they have similar
>> interfaces. Both install easily.
>>
>> If you know CSS and HTML virtually anything is possible with wordpress with
>> no PHP knowledge being needed. There are literally millions of plug-ins to
>> extend wordpress in various areas. Drupal up to the current version
>> considers backward compatibility a weakness. PHP must also be up-to-date.
>> The main issue (I have) with word press is the original developer is having
>> a food fight with the CMS wordpress users and developers in that his company
>> (Automattic) wants to go in a different direction and (at least initially)
>> take wordpress along for the ride. The FreeBSD parallel would have been if
>> sendmail.com forced changes on the Unix community as a whole.
>>
>> The wordpress issue is kind of interesting and maybe should even be
>> investigated to see what the effect would be for a commercial offering.
>> For a personal or a single corporate website it is IMO largely irrelevant
>> (but entertaining).
>>
>
> IMHO don't use either of them, both have known issues with security
>

Agree. I for one prefer joomla and serendipity to wordpress, drupal...

Valeri

> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-questions@freebsd.org Fri Nov 17 00:07:49 2017
From: javocado
Date: Thu, 16 Nov 2017 16:07:47 -0800
Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
To: Tim Daneliuk
Cc: freebsd-questions@freebsd.org

I think you misunderstand what I am asking - you have explained why an "established" rule is needed in the ruleset. You are correct and it is something (an established rule) that I always use.

What I am saying is:

I just noticed that you can specify a port number in the established rule:

allow tcp from any to any 22 established

... which I don't understand. In fact, I think it is a bug, but I am asking to make sure. It doesn't seem like specifying a port in the established rule makes any sense ...

On Thu, Nov 16, 2017 at 12:01 PM, Tim Daneliuk wrote:

> On 11/16/2017 01:29 PM, javocado wrote:
> > Almost every single ipfw ruleset I create has this as the very first rule:
> >
> > allow tcp from any to any established
> >
> > ... and I just noticed that ipfw allows me to specify a port on this rule:
> >
> > allow tcp from any to any 22 established
> >
> > If I create a new connection to port 22, I need a rule to allow port 22
> > traffic out:
> >
> > allow tcp from any to any 22
> >
> > ... but once that connection is established, doesn't the client begin
> > talking to the server on an ephemeral port (not 22) that isn't predictable ?
> >
> > Why would it ever make sense to specify a port on established ?
>
> If you are running your own sshd *server*, then you need rules that
> allow all or some to connect *to* your machine.
>
> If you are running an ssh *client*, you need to first allow access *out*
> via port 22 to get to the remote servers. Thereafter - as you suggest -
> the server and client rendezvous and establish a permanent connection on
> another port (and the server goes back to listening on 22). So, the
> firewall has to permit access to the established session w/o knowing
> which port will be used ahead of time.
>
> ----------------------------------------------------------------------------
> Tim Daneliuk     tundra@tundraware.com
> PGP Key:         http://www.tundraware.com/PGP/
>

From owner-freebsd-questions@freebsd.org Fri Nov 17 00:19:17 2017
From: Tim Daneliuk
Date: Thu, 16 Nov 2017 18:19:05 -0600
Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
To: javocado
Cc: freebsd-questions@freebsd.org

On 11/16/2017 06:07 PM, javocado wrote:
>
> ... which I don't understand. In fact, I think it is a bug, but I am asking to make sure. It doesn't seem like specifying a port in the established rule makes any sense ...

I've never much thought about it, but perhaps the intention is to limit enabling traffic to those connections that were originally created via a port 22 rendezvous ... i.e. The rule would only apply to active ssh connections.

Like I said, I am not certain of this, so it could well be bogus.
-- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/ From owner-freebsd-questions@freebsd.org Fri Nov 17 02:59:59 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB15FDB8186 for ; Fri, 17 Nov 2017 02:59:59 +0000 (UTC) (envelope-from freebsd@theory14.net) Received: from bacon.theory14.net (bacon.theory14.net [45.55.200.27]) by mx1.freebsd.org (Postfix) with ESMTP id 9B3BF76C69 for ; Fri, 17 Nov 2017 02:59:59 +0000 (UTC) (envelope-from freebsd@theory14.net) Received: from remote.theory14.net (remote.theory14.net [173.79.116.36]) by bacon.theory14.net (Postfix) with ESMTPSA id E1736125F10; Thu, 16 Nov 2017 21:53:21 -0500 (EST) Received: from anubis.int.theory14.net (anubis.int.theory14.net [192.168.10.50]) by remote.theory14.net (Postfix) with ESMTPS id A5502BAA7; Thu, 16 Nov 2017 21:53:21 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: IPFW: Why can I add port numbers to established and what does that do ? From: Chris Gordon In-Reply-To: Date: Thu, 16 Nov 2017 21:53:21 -0500 Cc: javocado , freebsd-questions@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <4C321B9B-EFA1-411C-8DDB-2399FBCFF4AC@theory14.net> References: To: Tim Daneliuk X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2017 02:59:59 -0000 > On Nov 16, 2017, at 3:01 PM, Tim Daneliuk = wrote: >=20 > On 11/16/2017 01:29 PM, javocado wrote: >>=20 >=20 > If you are running your own sshd *server*, then you need rules that > allow all or some to connect *to* your machine. 
>=20 > If you are running an ssh *client*, you need to first allow access = *out* > via port 22 to get to the remote servers. Thereafter - as you suggest = - > the server and client rendezvous and establish a permanent connection = on > another port (and the server goes back to listening on 22). =20 No, that is not how this work. There is no renegotiation of ports. A = =E2=80=9Cconnection=E2=80=9D is identified by: - Source Address - Source Port - Destination Address - Destination Port - Protocol Though source and destination are relative to the client and server, = these values don=E2=80=99t change over the life of the connection. Let=E2=80=99s assume the following: - Client is on 192.168.10.2 - Client wants to connect to sshd (so we know this is tcp and on port 22 = by default) on Server at 10.1.1.1 The client then sends packets with a source of 192.168.10.2:=E2=80=9Dephem= eral port"/tcp to a destination of 10.1.1.1:22/tcp. The server replies = to the client with a source of 10.1.1.1:22/tcp and a destination of = 192.168.10.2:=E2=80=9Dsame ephemeral port that the client used=E2=80=9D/tc= p. This goes on until the =E2=80=9Csession=E2=80=9D is over and the = entire connection gets torn down, typically either from one side = initiating a FIN or a RESET. The =E2=80=9Cephemeral port=E2=80=9D is some port number, typically high = in the range of possible ports, that is randomly chosen for each = connection and it stays the same for each connection. It is this tuple = of source and destination address and protocols that defines a = connection and allows the multiple connections to a server to occur. = Take a look at the net.inet.ip.portrange.* sysctl=E2=80=99s for the = ranges used here. You can fire up tcpdump (or wireshark or similar tool) and watch the = traffic to validate that this is how things work. 

When you talk about negotiating different ports, you may be thinking of something like FTP where you initially establish a control connection and then when data is to be transferred an entirely new connection is created, in parallel with the control channel, to transfer the data. This data connection is an entirely new connection and obeys the same rules as above. The tricky and confusing part for FTP is if it's "active" or "passive" meaning which end establishes the data connection. IRC's DCC and certain protocols that use portmapper are similar in that they create additional/new connections following an initial connection. ssh (and http, etc) does NOT do this.

As for the original question about the purpose of "established" in ipfw syntax, I don't use ipfw so I don't know without some further reading of the man pages and handbook.

> So, the
> firewall has to permit access to the established session w/o knowing
> which port will be used ahead of time.

An established session means the ports ARE all known.

Hope this helps some.

Chris

From owner-freebsd-questions@freebsd.org Fri Nov 17 03:04:06 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 170E4DB8624 for ; Fri, 17 Nov 2017 03:04:06 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CE2AC77233 for ; Fri, 17 Nov 2017 03:04:05 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id vAH342h3045413 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 16 Nov 2017 21:04:02 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
To: Chris Gordon Cc: javocado , freebsd-questions@freebsd.org References: <4C321B9B-EFA1-411C-8DDB-2399FBCFF4AC@theory14.net> From: Tim Daneliuk Message-ID: Date: Thu, 16 Nov 2017 21:03:57 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <4C321B9B-EFA1-411C-8DDB-2399FBCFF4AC@theory14.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Thu, 16 Nov 2017 21:04:03 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: vAH342h3045413 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-0.896, required 1, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.10, RP_MATCHES_RCVD -0.00) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2017 03:04:06 -0000

On 11/16/2017 08:53 PM, Chris Gordon wrote:
> No, that is not how this works. There is no renegotiation of ports

You missed my point entirely. Socket connections to services like sshd, sendmail, and so forth only rendezvous on the well known port. The server then fork-execs itself with the child going back to listen on the well known port and the parent and client connecting at some ephemeral point. This happens ONCE at initial connection time.

If it did not work this way, servers would be prevented from listening for more requests while they handled a single request ... they would effectively be serialized on a request-by-request basis.

-- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/ From owner-freebsd-questions@freebsd.org Fri Nov 17 03:36:57 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D6EFFDB90F0 for ; Fri, 17 Nov 2017 03:36:57 +0000 (UTC) (envelope-from freebsd@theory14.net) Received: from bacon.theory14.net (bacon.theory14.net [45.55.200.27]) by mx1.freebsd.org (Postfix) with ESMTP id AF450782A6 for ; Fri, 17 Nov 2017 03:36:57 +0000 (UTC) (envelope-from freebsd@theory14.net) Received: from remote.theory14.net (remote.theory14.net [173.79.116.36]) by bacon.theory14.net (Postfix) with ESMTPSA id 1DC4D125F10; Thu, 16 Nov 2017 22:36:56 -0500 (EST) Received: from anubis.int.theory14.net (anubis.int.theory14.net [192.168.10.50]) by remote.theory14.net (Postfix) with ESMTPS id D1CE3BAB2; Thu, 16 Nov 2017 22:36:55 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: IPFW: Why can I add port numbers to established and what does that do ? From: Chris Gordon In-Reply-To: Date: Thu, 16 Nov 2017 22:36:55 -0500 Cc: javocado , freebsd-questions@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <77066374-D052-412F-83F2-A56F945CACA7@theory14.net> References: <4C321B9B-EFA1-411C-8DDB-2399FBCFF4AC@theory14.net> To: Tim Daneliuk X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2017 03:36:57 -0000 Tim, I think we are talking past each other a little bit. 

> On Nov 16, 2017, at 10:03 PM, Tim Daneliuk wrote:
>
> On 11/16/2017 08:53 PM, Chris Gordon wrote:
>> No, that is not how this works. There is no renegotiation of ports
>
> You missed my point entirely. Socket connections to services like
> sshd, sendmail, and so forth only rendezvous on the well known port.
> The server then fork-execs itself with the child going back to listen
> on the well known port

I agree, we're talking here about the behavior of accept(2), right? The forked process or new thread or whatever is created to handle the on-going "conversation".

> and the parent and client connecting at some
> ephemeral point. This happens ONCE at initial connection time.

I'm not sure I follow this. I don't know what you mean by "ephemeral point". The tuple defining a connection is established when the client sends the initiating SYN packet. The addresses, ports and protocol used from then on are set. Here's a quick dump of data to show this. I fired up tcpdump on 192.168.10.50 (client) and then made an ssh connection to 192.168.10.20 (server), ran ls, then terminated the ssh session. You'll see the ports don't change from the initiating SYN to the final ACK. In this case 64107/tcp is the ephemeral port used throughout the connection.

=== TCPDUMP on client ===
% sudo tcpdump -i en0 -nn host 192.168.10.20 and port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:17:23.669140 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [S], seq 3284314671, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 657309331 ecr 0,sackOK,eol], length 0
22:17:23.669438 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [S.], seq 598828752, ack 3284314672, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 2684756759 ecr 657309331], length 0
22:17:23.669485 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1, win 7828, options [nop,nop,TS val 657309331 ecr 2684756759], length 0
22:17:23.669864 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 1:22, ack 1, win 7828, options [nop,nop,TS val 657309331 ecr 2684756759], length 21
22:17:23.684921 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1:39, ack 22, win 1026, options [nop,nop,TS val 2684756774 ecr 657309331], length 38
22:17:23.684948 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 39, win 7827, options [nop,nop,TS val 657309346 ecr 2684756774], length 0
22:17:23.686071 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 22:1990, ack 39, win 7827, options [nop,nop,TS val 657309347 ecr 2684756774], length 1968
22:17:23.686418 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [.], ack 1990, win 995, options [nop,nop,TS val 2684756775 ecr 657309347], length 0
22:17:23.686915 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 39:1079, ack 1990, win 995, options [nop,nop,TS val 2684756776 ecr 657309347], length 1040
22:17:23.686934 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1079, win 7794, options [nop,nop,TS val 657309347 ecr 2684756776], length 0
22:17:23.691433 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 1990:2038, ack 1079, win 7812, options [nop,nop,TS val 657309352 ecr 2684756776], length 48
22:17:23.706656 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1079:1359, ack 2038, win 1026, options [nop,nop,TS val 2684756796 ecr 657309352], length 280
22:17:23.706680 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1359, win 7803, options [nop,nop,TS val 657309367 ecr 2684756796], length 0
22:17:23.714353 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 2038:2054, ack 1359, win 7812, options [nop,nop,TS val 657309374 ecr 2684756796], length 16
22:17:23.819091 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [.], ack 2054, win 1026, options [nop,nop,TS val 2684756908 ecr 657309374], length 0
22:17:23.819162 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 2054:2098, ack 1359, win 7812, options [nop,nop,TS val 657309478 ecr 2684756908], length 44
22:17:23.819583 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1359:1403, ack 2098, win 1026, options [nop,nop,TS val 2684756908 ecr 657309478], length 44
22:17:23.819617 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1403, win 7811, options [nop,nop,TS val 657309478 ecr 2684756908], length 0
22:17:23.819885 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 2098:2166, ack 1403, win 7812, options [nop,nop,TS val 657309478 ecr 2684756908], length 68
22:17:23.823081 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1403:1471, ack 2166, win 1026, options [nop,nop,TS val 2684756912 ecr 657309478], length 68
22:17:23.823105 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1471, win 7810, options [nop,nop,TS val 657309481 ecr 2684756912], length 0
22:17:23.823160 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 2166:2530, ack 1471, win 7812, options [nop,nop,TS val 657309481 ecr 2684756912], length 364
22:17:23.826830 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1471:1795, ack 2530, win 1026, options [nop,nop,TS val 2684756916 ecr 657309481], length 324
22:17:23.826913 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1795, win 7802, options [nop,nop,TS val 657309484 ecr 2684756916], length 0
22:17:23.829649 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 2530:3174, ack 1795, win 7812, options [nop,nop,TS val 657309486 ecr 2684756916], length 644
22:17:23.833147 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1795:1823, ack 3174, win 1026, options [nop,nop,TS val 2684756922 ecr 657309486], length 28
22:17:23.833246 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1823, win 7811, options [nop,nop,TS val 657309489 ecr 2684756922], length 0
22:17:23.833476 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3174:3286, ack 1823, win 7812, options [nop,nop,TS val 657309489 ecr 2684756922], length 112
22:17:23.851323 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1823:2323, ack 3286, win 1026, options [nop,nop,TS val 2684756940 ecr 657309489], length 500
22:17:23.851380 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2323, win 7796, options [nop,nop,TS val 657309507 ecr 2684756940], length 0
22:17:23.851561 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2323:2367, ack 3286, win 1026, options [nop,nop,TS val 2684756941 ecr 657309507], length 44
22:17:23.851584 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2367, win 7811, options [nop,nop,TS val 657309507 ecr 2684756941], length 0
22:17:23.851708 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3286:3730, ack 2367, win 7812, options [nop,nop,TS val 657309507 ecr 2684756941], length 444
22:17:23.855062 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2367:2475, ack 3730, win 1026, options [nop,nop,TS val 2684756944 ecr 657309507], length 108
22:17:23.855124 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2475, win 7809, options [nop,nop,TS val 657309510 ecr 2684756944], length 0
22:17:23.855310 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2475:2583, ack 3730, win 1026, options [nop,nop,TS val 2684756944 ecr 657309510], length 108
22:17:23.855335 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2583, win 7809, options [nop,nop,TS val 657309510 ecr 2684756944], length 0
22:17:23.855565 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2583:2691, ack 3730, win 1026, options [nop,nop,TS val 2684756944 ecr 657309510], length 108
22:17:23.855602 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2691, win 7809, options [nop,nop,TS val 657309510 ecr 2684756944], length 0
22:17:23.918270 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2691:2735, ack 3730, win 1026, options [nop,nop,TS val 2684757007 ecr 657309510], length 44
22:17:23.918297 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2735, win 7811, options [nop,nop,TS val 657309572 ecr 2684757007], length 0
22:17:23.919521 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2735:2899, ack 3730, win 1026, options [nop,nop,TS val 2684757009 ecr 657309572], length 164
22:17:23.919545 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 2899, win 7807, options [nop,nop,TS val 657309573 ecr 2684757009], length 0
22:17:23.942523 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 2899:3055, ack 3730, win 1026, options [nop,nop,TS val 2684757031 ecr 657309573], length 156
22:17:23.942594 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3055, win 7807, options [nop,nop,TS val 657309596 ecr 2684757031], length 0
22:17:30.138663 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3730:3766, ack 3055, win 7812, options [nop,nop,TS val 657315731 ecr 2684757031], length 36
22:17:30.139462 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3055:3091, ack 3766, win 1026, options [nop,nop,TS val 2684763228 ecr 657315731], length 36
22:17:30.139552 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3091, win 7811, options [nop,nop,TS val 657315731 ecr 2684763228], length 0
22:17:30.242029 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3766:3802, ack 3091, win 7812, options [nop,nop,TS val 657315834 ecr 2684763228], length 36
22:17:30.242644 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3091:3135, ack 3802, win 1026, options [nop,nop,TS val 2684763332 ecr 657315834], length 44
22:17:30.242707 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3135, win 7811, options [nop,nop,TS val 657315834 ecr 2684763332], length 0
22:17:30.353697 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3802:3838, ack 3135, win 7812, options [nop,nop,TS val 657315944 ecr 2684763332], length 36
22:17:30.354568 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3135:3187, ack 3838, win 1026, options [nop,nop,TS val 2684763443 ecr 657315944], length 52
22:17:30.354624 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3187, win 7810, options [nop,nop,TS val 657315944 ecr 2684763443], length 0
22:17:30.359559 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3187:3287, ack 3838, win 1026, options [nop,nop,TS val 2684763448 ecr 657315944], length 100
22:17:30.359590 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3287, win 7809, options [nop,nop,TS val 657315949 ecr 2684763448], length 0
22:17:30.360055 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3287:3427, ack 3838, win 1026, options [nop,nop,TS val 2684763449 ecr 657315949], length 140
22:17:30.360057 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3427:3487, ack 3838, win 1026, options [nop,nop,TS val 2684763449 ecr 657315949], length 60
22:17:30.360083 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3427, win 7808, options [nop,nop,TS val 657315949 ecr 2684763449], length 0
22:17:30.360095 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3487, win 7806, options [nop,nop,TS val 657315949 ecr 2684763449], length 0
22:17:30.382790 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3487:3643, ack 3838, win 1026, options [nop,nop,TS val 2684763472 ecr 657315949], length 156
22:17:30.382815 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3643, win 7807, options [nop,nop,TS val 657315972 ecr 2684763472], length 0
22:17:32.162070 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3838:3874, ack 3643, win 7812, options [nop,nop,TS val 657317749 ecr 2684763472], length 36
22:17:32.162540 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3643:3695, ack 3874, win 1026, options [nop,nop,TS val 2684765252 ecr 657317749], length 52
22:17:32.162602 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3695, win 7810, options [nop,nop,TS val 657317749 ecr 2684765252], length 0
22:17:32.164784 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3695:3731, ack 3874, win 1026, options [nop,nop,TS val 2684765254 ecr 657317749], length 36
22:17:32.164810 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3731, win 7811, options [nop,nop,TS val 657317751 ecr 2684765254], length 0
22:17:32.165283 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 3731:3871, ack 3874, win 1026, options [nop,nop,TS val 2684765254 ecr 657317751], length 140
22:17:32.165308 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3871, win 7808, options [nop,nop,TS val 657317751 ecr 2684765254], length 0
22:17:32.165450 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3874:3910, ack 3871, win 7812, options [nop,nop,TS val 657317751 ecr 2684765254], length 36
22:17:32.165480 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 3910:3970, ack 3871, win 7812, options [nop,nop,TS val 657317751 ecr 2684765254], length 60
22:17:32.165524 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [F.], seq 3970, ack 3871, win 7812, options [nop,nop,TS val 657317751 ecr 2684765254], length 0
22:17:32.165795 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [.], ack 3970, win 1025, options [nop,nop,TS val 2684765255 ecr 657317751], length 0
22:17:32.165796 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [.], ack 3971, win 1026, options [nop,nop,TS val 2684765255 ecr 657317751], length 0
22:17:32.165826 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [F.], seq 3970, ack 3871, win 7812, options [nop,nop,TS val 657317752 ecr 2684765255], length 0
22:17:32.165838 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3871, win 7812, options [nop,nop,TS val 657317752 ecr 2684765255], length 0
22:17:32.166037 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [.], ack 3971, win 1026, options [nop,nop,TS val 2684765255 ecr 657317751], length 0
22:17:32.166786 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [F.], seq 3871, ack 3971, win 1026, options [nop,nop,TS val 2684765256 ecr 657317752], length 0
22:17:32.166831 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 3872, win 7812, options [nop,nop,TS val 657317752 ecr 2684765256], length 0

Here is the netstat output showing the established connection on the same tuple as used in the initial SYN.

=== netstat output on server ===
netstat -an -p tcp
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.10.20.22       192.168.10.50.64107    ESTABLISHED

> If it did not work this way, servers would be prevented from listening
> for more requests while they handled a single request ... they would
> effectively be serialized on a request-by-request basis.

The 5-tuple of address, ports and protocols allows for multiple connections to be made to the same server port. The fork-exec, new thread, whatever allows the server software to actually process the data.
Both are used to avoid serialization of connections, but the port numbers are not renegotiated.

Thanks,
Chris

From owner-freebsd-questions@freebsd.org Fri Nov 17 03:43:14 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 12C74DB93D1 for ; Fri, 17 Nov 2017 03:43:14 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CB124786B2 for ; Fri, 17 Nov 2017 03:43:13 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id vAH3hAGk045983 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 16 Nov 2017 21:43:10 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
To: Chris Gordon Cc: javocado , freebsd-questions@freebsd.org References: <4C321B9B-EFA1-411C-8DDB-2399FBCFF4AC@theory14.net> <77066374-D052-412F-83F2-A56F945CACA7@theory14.net> From: Tim Daneliuk Message-ID: Date: Thu, 16 Nov 2017 21:43:05 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <77066374-D052-412F-83F2-A56F945CACA7@theory14.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Thu, 16 Nov 2017 21:43:11 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: vAH3hAGk045983 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-0.895, required 1, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.11, RP_MATCHES_RCVD -0.00) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2017 03:43:14 -0000 On 11/16/2017 09:36 PM, Chris Gordon wrote: > Tim, > > I think we are talking past each other a little bit. Could be. 
I've been debugging dockerfiles and VM configs for hours and my brain is falling out of my ears :) From owner-freebsd-questions@freebsd.org Fri Nov 17 10:18:50 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C1A26DC054C for ; Fri, 17 Nov 2017 10:18:50 +0000 (UTC) (envelope-from raimund.sacherer@logitravel.com) Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 82E2D25E6 for ; Fri, 17 Nov 2017 10:18:50 +0000 (UTC) (envelope-from raimund.sacherer@logitravel.com) Received: by mail-it0-x234.google.com with SMTP id m191so3493842itg.2 for ; Fri, 17 Nov 2017 02:18:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=logitravel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc; bh=RzyP6RVUT0kt2f/0law0jU/GiEElzvjgqf9xp4CjBdM=; b=khJZGYQJQyJAiZhPBK2p225pwV1V0CYkLOJNgyVOTjIAr3ZXjy2dqinRjb0xhLGcaA YLpfeIkJ03LcwNHtDOqqqVbQ7BG11DgW3nmuNesFL4s69ogK1c3Lf8s+lFHoLEHjuNik SuMyZP5yGPAAbk1WmLSXZWJ5HcJShpD9q4u5TEKTzax5/HU+TZe47pjfmKtNEZC0Q2VT asbA67SFHohuIYSp8nGCo+8nGHbiGumAlh7brG+e1ib7hS9yFk1qAG6VBkwjbEXomreX MXLuq6vKsk2TVy2Yj65aX5eRectdeKa18/9ECX+v65sUyCSsWqEyMYOPt1JDhMj0+rms M9rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=RzyP6RVUT0kt2f/0law0jU/GiEElzvjgqf9xp4CjBdM=; b=KQ4dTNgyDD63E4BErvRcnf1A97DcWBjVe+NAbmq9utg9dUTKYYOrLYQLVqYvni23Yw bCMpERaxJ1e/S96LemEPq9XABKDrXD/2Jyy5141OjGGSN+3ImRRuQhXPFMH7xoetg8qx 
2xQaHMzQyK9BtJ5z5uZYF1g+8yvxxwYAU08cUY3bX5CC+v5EOe+oVUlqZ4fyiZJvYf/P m81H+RUTG6RhHECYJA19jqMBkM5AHY2+/aemTy6DXQmHVCUpstTFZNden6F3uLFoO4iK t5LPpHJoNF965JMcN0mj3AALFD5CUuaPuGX5yOOA34+SlK4qbsbtX3XKHiTYZ5AWVS4B awUg== X-Gm-Message-State: AJaThX4hUwe9rVdimWL/YLi+seTZc6dbn+aaiYfGWb6wcliFNdHkq9Dz W+RyokjdEk1C9qbOOl3wPyzJ46zXyJDy1x2fuuNvziBx X-Google-Smtp-Source: AGs4zMZczUe1aL+tDvMORZOnt8VWzp582NV8MYhd3Fo8UHc66PuWhk5i7W0T9pnYhkU08kkLskN1IWCdPg48q7QLzcg= X-Received: by 10.36.2.212 with SMTP id 203mr6058301itu.43.1510913929817; Fri, 17 Nov 2017 02:18:49 -0800 (PST) MIME-Version: 1.0 Received: by 10.79.27.10 with HTTP; Fri, 17 Nov 2017 02:18:49 -0800 (PST) Reply-To: rs@logitravel.com In-Reply-To: <20171012204455.GA10740@bsd118.wpafb.af.mil> References: <3967.1507825257@segfault.tristatelogic.com> <20171012204455.GA10740@bsd118.wpafb.af.mil> From: Raimund Sacherer Date: Fri, 17 Nov 2017 11:18:49 +0100 Message-ID: Subject: Re: Another 11.1-RELEASE install minor annoyance (ntpd) To: vogelke@pobox.com Cc: freebsd-questions@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2017 10:18:50 -0000 > Second, ntpd, internally, is built on a phase-locked loop, which is > supposed to stabilize its time corrections in the face of jitter and > other > bad things out in the real world. Like anything based on a negative > feedback loop, however, it can be destablized with certain inputs. > Giving ntpd two or more servers is a pretty good way to destabilize its > PLL in the real, non-ideal world we find on the modern Internet. 
> To anyone considering flaming me, please read this first:
>
>   http://queue.acm.org/detail.cfm?id=1773943
>
> At minimum, read the section "One server is enough". The bit on PLLs
> about halfway down is also directly relevant.
>
>

Hello,

I read the article, but I am astonished. I am by no means any expert in time, but the article is from a lot of years back and I was questioning what was written there.

Is ntp really working like they say, jumping from one time server to another? I thought it to be some sort of consensus based protocol where it queries a couple of servers, boots off servers which are way off, and creates a consensus on the remaining ones?

I would love if someone knowledgeable about how the protocol works could say if it really is better to have one server instead of a couple more? If so, then why do most default configurations (like ubuntu) have 4 or 5 servers configured?

The article also read a bit as a promotional vehicle for radclock, but checking out radclock's webpage, their last modification seems to be 2015, and they still claim the "we like to have ready in 2 years" statement they had in 2008 ....

Best
Ray

> --
> Karl Vogel                      I don't speak for the USAF or my company
>
> Teenage girl creates sustainable, renewable algae biofuel under her bed
>                                 --Extreme Tech headline, 19 March 2013

--
Raimund Sacherer
Head of Tele-Communications
Logitravel Group

Edificio Logitravel
Parcela 3B, Parc Bit
Ctra. Palma - Valldemossa km 7,4
07121 Palma de Mallorca
Tel 971 080 125 - 0145
Fax 971 213 495

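For the "IPFW: Why can I add port numbers to established" thread in this digest, the following is an added example (not part of any poster's message and not ipfw's own code). It parses tcpdump lines in the format of Chris Gordon's capture, checks that all packets share one address/port tuple, and labels each packet with the ipfw(8) keyword it satisfies: `setup` is SYN set with ACK clear, `established` is ACK or RST set. The six sample lines are abbreviated from that capture (TCP options removed), and `rule_matches` and the other function names are hypothetical, a simplified model of the rule `allow tcp from any to any 22 established` quoted in the thread.

```python
import re

# Six packets abbreviated from the capture in the thread (TCP options removed):
# the three-way handshake, one data segment each way, and the client's FIN.
SAMPLE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
22:17:23.669140 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [S], seq 3284314671, win 65535, length 0
22:17:23.669438 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [S.], seq 598828752, ack 3284314672, win 65535, length 0
22:17:23.669485 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [.], ack 1, win 7828, length 0
22:17:23.669864 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [P.], seq 1:22, ack 1, win 7828, length 21
22:17:23.684921 IP 192.168.10.20.22 > 192.168.10.50.64107: Flags [P.], seq 1:39, ack 22, win 1026, length 38
22:17:32.165524 IP 192.168.10.50.64107 > 192.168.10.20.22: Flags [F.], seq 3970, ack 3871, win 7812, length 0
"""

# "<time> IP <src ip>.<src port> > <dst ip>.<dst port>: Flags [<letters>]"
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\]"
)


def parse_capture(text):
    """Return one dict per TCP packet line; banner and other lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        src, sport, dst, dport, flags = m.groups()
        packets.append({
            "src": (src, int(sport)),
            "dst": (dst, int(dport)),
            "flags": flags,  # tcpdump letters: S=SYN F=FIN P=PSH R=RST .=ACK
        })
    return packets


def connection_key(pkt):
    """Direction-independent identity of the connection a packet belongs to."""
    return ("tcp", frozenset((pkt["src"], pkt["dst"])))


def tcp_state_keyword(pkt):
    """Label a packet with the ipfw(8) keyword it would satisfy.

    setup       = SYN set and ACK clear (the first packet of a connection)
    established = ACK or RST set (every later packet, in both directions)
    """
    flags = pkt["flags"]
    if "S" in flags and "." not in flags:
        return "setup"
    if "." in flags or "R" in flags:
        return "established"
    return "other"


def rule_matches(pkt, dst_port=None, keyword="established"):
    """Simplified model of 'allow tcp from any to any [dst_port] <keyword>'."""
    if dst_port is not None and pkt["dst"][1] != dst_port:
        return False
    return tcp_state_keyword(pkt) == keyword


def summarize(text):
    """Collect the per-packet results for a whole capture."""
    packets = parse_capture(text)
    return {
        "connections": {connection_key(p) for p in packets},
        "keywords": [tcp_state_keyword(p) for p in packets],
        "established_any_port": [rule_matches(p) for p in packets],
        "established_port_22": [rule_matches(p, dst_port=22) for p in packets],
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_CAPTURE).items():
        print(name, value)
```

In this model the port-qualified rule matches only the non-SYN packets travelling toward port 22, so the initial SYN and the server's replies (destination port 64107) have to be passed by other rules.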
Date: Sat, 18 Nov 2017 00:22:09 +1100 (EST)
From: Ian Smith
To: javocado
cc: freebsd-questions@freebsd.org
Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
Message-ID: <20171117234726.H72828@sola.nimnet.asn.au>

In freebsd-questions Digest, Vol 702, Issue 7, Message: 13
On Thu, 16 Nov 2017 16:07:47 -0800 javocado wrote:

> I think you misunderstand what I am asking - you have explained why a
> "established" rule is needed in the ruleset. You are correct and it is
> something (an established rule) that I always use.

You also use 'from any to any' without specifying whether inbound to, or
outbound from your machine, which can be dangerous unless elsewhere
protected in your ruleset.

I would suggest studying /etc/rc.firewall as several long-proven sets of
ipfw rules, written and maintained by our skilled security people. The
'client' ruleset might suit you out of the box, or with small
modifications. For example, it shows allowing for running a mail server,
but is otherwise restrictive on what inbound connections are allowed, but
unrestrictive in what you can do outbound.

> What I am saying is: I just noticed that you can specify a port number in
> the established rule:
>
>
> allow tcp from any to any 22 established
>
>
> ... which I don't understand. In fact, I think it is a bug, but I am
> asking to make sure. It doesn't seem like specifying a port in the
> established rule makes any sense ...

You can specify ports, or port ranges, or tables of ports, or addresses,
interfaces, etc., on any TCP rule. 'established' is just a qualifier,
meaning only that a packet does not have the SYN bit set (ie, is not a
'setup' packet).

I use several rules that deny (or in some cases allow) established packets
from a) certain networks or addresses in tables; and b) on certain ports to
internal addresses that do not handle such traffic.

Do not be misled by the IPFW Handbook page, or the rulesets there; read
ipfw(8) and prosper. At least start from a basically secure framework,
even before you need to understand how it all works.

Thanks Chris Gordon for showing how ssh connections work ..

cheers, Ian

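The stateless matching discussed in the IPFW message above, modelled in Python as an added example (not code from the thread or from ipfw). It uses the ipfw(8) man page definitions of 'established' (RST or ACK bit set) and 'setup' (SYN set, ACK clear); the Packet and Rule classes, the rulesets other than the quoted port-22 rule, and all sample packets are constructed for illustration, and addresses and in/out direction are not modelled.

```python
"""Toy model of ipfw first-match evaluation for stateless TCP options."""
from dataclasses import dataclass
from typing import Dict, List, Optional

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    flags: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_port: Optional[int] = None   # None means "any"
    dst_port: Optional[int] = None   # None means "any"
    option: Optional[str] = None     # "established", "setup" or None

    def matches(self, pkt: Packet) -> bool:
        # Port qualifiers are ordinary match criteria on any TCP rule.
        if self.src_port is not None and pkt.src_port != self.src_port:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        # ipfw(8): established = RST or ACK set; setup = SYN set, ACK clear.
        if self.option == "established":
            return bool(pkt.flags & (RST | ACK))
        if self.option == "setup":
            return bool(pkt.flags & SYN) and not pkt.flags & ACK
        return True


def verdict(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; unmatched packets get the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed sample packets (ports and flags only).
SAMPLES: Dict[str, Packet] = {
    "syn_to_22": Packet(50000, 22, SYN),
    "ack_to_22": Packet(50000, 22, ACK | PSH),
    "reply_from_22": Packet(22, 50000, ACK | PSH),
    "synack_from_22": Packet(22, 50000, SYN | ACK),
    "ack_to_80": Packet(50001, 80, ACK),
    "rst_to_22": Packet(50002, 22, RST),
}

# The rule quoted in the thread: allow tcp from any to any 22 established
PORT_QUALIFIED = [Rule("allow", dst_port=22, option="established")]

# The unqualified form: allow tcp from any to any established
GENERIC = [Rule("allow", option="established")]

# A constructed stateless set covering both directions of an SSH service.
SSH_SERVER = [
    Rule("allow", dst_port=22, option="setup"),
    Rule("allow", dst_port=22, option="established"),
    Rule("allow", src_port=22, option="established"),
]


def classify(rules: List[Rule]) -> Dict[str, str]:
    """Verdict for every sample packet under one ruleset."""
    return {name: verdict(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("port-qualified", PORT_QUALIFIED),
                         ("generic", GENERIC),
                         ("ssh-server", SSH_SERVER)):
        print(label, classify(rules))
```

The port only narrows which flag-matching packets the rule applies to: the quoted rule passes ACK or RST packets addressed to port 22 and nothing else. The match looks at flag bits alone and keeps no record of whether a handshake took place.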
Date: Fri, 17 Nov 2017 14:44:09 +0100
From: User Hasse
To: freebsd-questions@freebsd.org
Subject: Need help to update devel/oniguruma port
Message-ID: <20171117134409.GA66048@ymer.bara1.se>

Hello

I'm stuck at updating the devel/oniguruma port trying to follow the instructions in
/usr/ports/UPDATING

root@ymer:/home/hasse # portmaster -o devel/oniguruma devel/oniguruma6

===>>> Port directory: /usr/ports/devel/oniguruma

===>>> Gathering distinfo list for installed ports

===>>> Launching 'make checksum' for devel/oniguruma in background
===>>> Gathering dependency list for devel/oniguruma from ports
===>>> Initial dependency check complete for devel/oniguruma


===>>> Starting build for devel/oniguruma <<<===

===>>> All dependencies are up to date

===> Cleaning for oniguruma6-6.6.1
===> License BSD2CLAUSE accepted by the user
===> oniguruma6-6.6.1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by oniguruma6-6.6.1 for building
===> Extracting for oniguruma6-6.6.1
=> SHA256 Checksum OK for kkos-oniguruma-v6.6.1_GH0.tar.gz.
===> Patching for oniguruma6-6.6.1
===> Applying FreeBSD patches for oniguruma6-6.6.1
File to patch:

Have tried different files to patch, but none working.

Best Regards
Hasse Hansson.

Date: Fri, 17 Nov 2017 15:59:05 +0100 (CET)
From: Trond Endrestøl
To: FreeBSD questions
Subject: Re: Need help to update devel/oniguruma port
In-Reply-To: <20171117134409.GA66048@ymer.bara1.se>

On Fri, 17 Nov 2017 14:44+0100, User Hasse wrote:

> Hello
>
> I'm stuck at updating the devel/oniguruma port trying to follow the instructions in
> /usr/ports/UPDATING
>
> root@ymer:/home/hasse # portmaster -o devel/oniguruma devel/oniguruma6
>
> ===>>> Port directory: /usr/ports/devel/oniguruma
>
> ===>>> Gathering distinfo list for installed ports
>
> ===>>> Launching 'make checksum' for devel/oniguruma in background
> ===>>> Gathering dependency list for devel/oniguruma from ports
> ===>>> Initial dependency check complete for devel/oniguruma
>
>
> ===>>> Starting build for devel/oniguruma <<<===
>
> ===>>> All dependencies are up to date
>
> ===> Cleaning for oniguruma6-6.6.1
> ===> License BSD2CLAUSE accepted by the user
> ===> oniguruma6-6.6.1 depends on file: /usr/local/sbin/pkg - found
> ===> Fetching all distfiles required by oniguruma6-6.6.1 for building
> ===> Extracting for oniguruma6-6.6.1
> => SHA256 Checksum OK for kkos-oniguruma-v6.6.1_GH0.tar.gz.
> ===> Patching for oniguruma6-6.6.1
> ===> Applying FreeBSD patches for oniguruma6-6.6.1
> File to patch:
>
> Have tried different files to patch, but none working.

Here are some suggestions:

Do you for some reason have a directory named "files" in
/usr/ports/devel/oniguruma? If so, you could rename that directory, or
remove that directory and its contents.

You could also verify manually if devel/oniguruma builds correctly:

pushd /usr/ports/devel/oniguruma
make build
make clean
popd

If it builds correctly, then portmaster does something unexpected.

devel/oniguruma builds cleanly on one of my systems, and I'm at
r454311.

Maybe you should update both your source and ports trees, and if
possible install an updated kernel and a freshly built world.

--
Trond.

Date: Fri, 17 Nov 2017 10:46:40 -0500
From: Alejandro Imass
To: FreeBSD Questions
Subject: Old FreeBSD Downloads

Hi,

The link to http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/

Seems down. Where can I obtain 9.0-RELEASE ?

TIA,

Alex

Date: Fri, 17 Nov 2017 19:47:19 -0600
From: Paul Schmehl
To: User Hasse, freebsd-questions@freebsd.org
Subject: Re: Need help to update devel/oniguruma port
In-Reply-To: <20171117134409.GA66048@ymer.bara1.se>

--On November 17, 2017 at 2:44:09 PM +0100 User Hasse wrote:

> Hello
>
> I'm stuck at updating the devel/oniguruma port trying to follow the
> instructions in
> /usr/ports/UPDATING
>
> root@ymer:/home/hasse # portmaster -o devel/oniguruma devel/oniguruma6
>
> ===>>> Port directory: /usr/ports/devel/oniguruma
>
> ===>>> Gathering distinfo list for installed ports
>
> ===>>> Launching 'make checksum' for devel/oniguruma in background
> ===>>> Gathering dependency list for devel/oniguruma from ports
> ===>>> Initial dependency check complete for devel/oniguruma
>
>
> ===>>> Starting build for devel/oniguruma <<<===
>
> ===>>> All dependencies are up to date
>
> ===> Cleaning for oniguruma6-6.6.1
> ===> License BSD2CLAUSE accepted by the user
> ===> oniguruma6-6.6.1 depends on file: /usr/local/sbin/pkg - found
> ===> Fetching all distfiles required by oniguruma6-6.6.1 for building
> ===> Extracting for oniguruma6-6.6.1
> => SHA256 Checksum OK for kkos-oniguruma-v6.6.1_GH0.tar.gz.
> ===> Patching for oniguruma6-6.6.1
> ===> Applying FreeBSD patches for oniguruma6-6.6.1
> File to patch:
>
> Have tried different files to patch, but none working.
>
> Best Regards
> Hasse Hansson.
>

I had the same problem. Delete the files in the port. Then copy the ones
from here back into the directory. (type devel/oniguruma into the search
box.) There is no patch in that port, and I have no idea how it got there.
It wasn't in the port on other servers, so I copied the port from one of
those to the one that was failing.

Paul Schmehl, Retired

Date: Sat, 18 Nov 2017 06:59:04 +0100
From: Polytropon
To: Alejandro Imass
Cc: FreeBSD Questions
Subject: Re: Old FreeBSD Downloads
Message-Id: <20171118065904.60b2cde8.freebsd@edvax.de>

On Fri, 17 Nov 2017 10:46:40 -0500, Alejandro Imass wrote:
> The link to http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/
>
> Seems down. Where can I obtain 9.0-RELEASE ?

Seems to work again (Nov 18 2017, 06:58:27). The download links are:

http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/9.0-RELEASE/
http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/9.0-RELEASE/
http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/ISO-IMAGES/9.0/
http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/ISO-IMAGES/9.0/

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Date: Sat, 18 Nov 2017 11:27:07 +0200
From: "Jukka A. Ukkonen"
To: questions@freebsd.org
Subject: 10.4-stable systematically crashing inside pselect() when a tun device is used

Hello all,

As briefly stated in the subject I have a 10-stable system on
which I have been testing a program which opens either a tun
device or a tap device, waits in pselect() for the descriptor
to become readable, and then proceeds to read the packet/frame.
When using a tun descriptor the pselect() call always panics the
kernel with the complaints shown in the photo below. When using
a tap device the same code works just fine.

After a little eyeballing I failed to notice any obvious reason
for this in the tun device code. I hope someone who knows the
tun device better might be able to tell me what should I see
in this.

At the very minimum the pselect() call should fail properly with
an error code. Raising a panic and crashing the whole kernel
gives me the impression that there is something very seriously
wrong there. At least for now it just has not dawned on me what
it is.

The system doing this is just the average amd64 running 10-stable.
So, this should not be a hardware related issue on a rarely used
hardware.

Any hints, pointers, helpful sophisticated guesses etc. would be
welcome.

—jau

Date: Sat, 18 Nov 2017 11:30:00 +0100
From: "Kristof Provost"
To: "Jukka A. Ukkonen"
Cc: questions@freebsd.org
Subject: Re: 10.4-stable systematically crashing inside pselect() when a tun device is used
Message-ID: <98FCCAA8-B52E-462E-A5FF-4A58FE586253@sigsegv.be>

On 18 Nov 2017, at 10:27, Jukka A. Ukkonen wrote:

> Hello all,
>
> As briefly stated in the subject I have a 10-stable system on
> which I have been testing a program which opens either a tun
> device or a tap device, waits in pselect() for the descriptor
> to become readable, and then proceeds to read the packet/frame.
> When using a tun descriptor the pselect() call always panics the
> kernel with the complaints shown in the photo below. When using
> a tap device the same code works just fine.

The mailing lists don’t allow attachments. You’ll have to get a text
version of the backtrace.

(Set dumpdev="AUTO" in /etc/rc.conf, reboot, trigger the crash. Look for
/var/crash/core.txt.0)

Regards,
Kristof

[smtp.bredband.net] X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="asc'?scan'208";a="1228545540" Received: from ua-85-227-12-184.cust.bredbandsbolaget.se (HELO ymer.bara1.se) ([85.227.12.184]) by ipb1.telenor.se with ESMTP; 18 Nov 2017 12:50:21 +0100 Received: by ymer.bara1.se (Postfix, from userid 1001) id 411CD1BA5E; Sat, 18 Nov 2017 12:50:21 +0100 (CET) Date: Sat, 18 Nov 2017 12:50:21 +0100 From: User Hasse To: Trond =?iso-8859-1?Q?Endrest=F8l?= Cc: FreeBSD questions Subject: Re: Need help to update devel/oniguruma port Message-ID: <20171118115021.GA93005@ymer.bara1.se> References: <20171117134409.GA66048@ymer.bara1.se> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline In-Reply-To: X-PGP-Key: https://www.bara1.se/pubkey.asc User-Agent: Mutt/1.9.1 (2017-09-22) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2017 12:20:54 -0000 --UugvWAfsgieZRqgk Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello. Thank you very much for your effort to help me. Sorry I forgot to write that my sources and portsystem was all up to date. Yes, Your solution to remove the directory named "files" make a deistall an= d a new install worked. Problem solved. Best regards Hasse. 
On Fri, Nov 17, 2017 at 03:59:05PM +0100, Trond Endrestøl wrote:
> On Fri, 17 Nov 2017 14:44+0100, User Hasse wrote:
>
> > Hello
> >
> > I'm stuck at updating the devel/oniguruma port trying to follow the instructions in
> > /usr/ports/UPDATING
> >
> > root@ymer:/home/hasse # portmaster -o devel/oniguruma devel/oniguruma6
> >
> > ===>>> Port directory: /usr/ports/devel/oniguruma
> >
> > ===>>> Gathering distinfo list for installed ports
> >
> > ===>>> Launching 'make checksum' for devel/oniguruma in background
> > ===>>> Gathering dependency list for devel/oniguruma from ports
> > ===>>> Initial dependency check complete for devel/oniguruma
> >
> >
> > ===>>> Starting build for devel/oniguruma <<<===
> >
> > ===>>> All dependencies are up to date
> >
> > ===> Cleaning for oniguruma6-6.6.1
> > ===> License BSD2CLAUSE accepted by the user
> > ===> oniguruma6-6.6.1 depends on file: /usr/local/sbin/pkg - found
> > ===> Fetching all distfiles required by oniguruma6-6.6.1 for building
> > ===> Extracting for oniguruma6-6.6.1
> > => SHA256 Checksum OK for kkos-oniguruma-v6.6.1_GH0.tar.gz.
> > ===> Patching for oniguruma6-6.6.1
> > ===> Applying FreeBSD patches for oniguruma6-6.6.1
> > File to patch:
> >
> > Have tried different files to patch, but none working.
>
> Here are some suggestions:
>
> Do you for some reason have a directory named "files" in
> /usr/ports/devel/oniguruma? If so, you could rename that directory, or
> remove that directory and its contents.
>
> You could also verify manually if devel/oniguruma builds correctly:
>
> pushd /usr/ports/devel/oniguruma
> make build
> make clean
> popd
>
> If it builds correctly, then portmaster does something unexpected.
>
> devel/oniguruma builds cleanly on one of my systems, and I'm at
> r454311.
>
> Maybe you should update both your source and ports trees, and if
> possible install an updated kernel and a freshly built world.
>
> --
> Trond.

From owner-freebsd-questions@freebsd.org Sat Nov 18 15:26:41 2017
From: Guy Yur
Date: Sat, 18 Nov 2017 17:26:38 +0200
Subject: using native-xtools's make and MACHINE, MACHINE_ARCH values
To: freebsd-questions@freebsd.org, Bryan Drewery

Hi,

I am trying to use native-xtools's make
(amd64 targeting armv7) on an amd64 host in an armv7 chroot.
(qemu-arm-static and binmiscctl used for the arm binaries.)
Running /nxb-bin/usr/bin/make -V MACHINE and -V MACHINE_ARCH it
reports amd64, amd64 not arm, armv7.
(12.0-CURRENT r325963)

Do I need to override MACHINE and MACHINE_ARCH explicitly when
running nxb's make or should it report the target values?

bmake is compiled with -DMAKE_NATIVE in usr.bin/bmake/Makefile
so it uses uname, sysctl to get the values.
If I add -UMAKE_NATIVE -DMAKE_MACHINE=\"${MACHINE}\"
-DMACHINE_ARCH=\"${MACHINE_ARCH}\" to the nxb's make
compilation it reports arm and armv7.
Turning off MAKE_NATIVE also affects other things so it is
probably not the correct change to make.

Thanks,
Guy

From owner-freebsd-questions@freebsd.org Sat Nov 18 16:16:49 2017
From: "Jukka A. Ukkonen"
To: questions@freebsd.org
Subject: 10.4-stable systematically crashing inside pselect() when a tun device is used
Date: Sat, 18 Nov 2017 18:16:44 +0200

Hello all,

As briefly stated in the subject I have a 10-stable system on which
I have been testing a program which opens either a tun device or
a tap device, waits in pselect() for the descriptor to become readable,
and then proceeds to read the packet/frame.

When using a tun descriptor the pselect() call systematically panics
the kernel with the complaints shown in the text dump snippet at the end
of this message. When using a tap device the same code works just fine.

After a little eyeballing I failed to notice any obvious reason for this
in the tun device code. I hope someone who knows the tun device better
might be able to tell me what should I see in this.

At the very minimum I would expect the pselect() call to fail properly
with an error code. Raising a panic and crashing the whole kernel gives
me the impression that there is something very seriously wrong there.
At least for now it just has not dawned on me what that something is.

The system doing this is just another amd64 running 10-stable. So, this
should not be a hardware related issue on rarely used hardware.

Any hints, pointers, helpful sophisticated guesses etc. would be welcome.

—jau

The following 12 lines were manually copied from a photo of the console
display after the panic was triggered...

Fatal trap 12: page fault while in kernel mode
cpuid = 10; apic id = 13
fault virtual address = 0x8
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80b29699
stack pointer = 0x28:0xfffffe03e72a8a70
frame pointer = 0x28:0xfffffe03e72a8ab0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor flags = interrupt enabled, resume, IOPL = 0
current process = 12 (swi6: task queue)
trap number = 12

The rest have been pulled from the core.text.0 file, but this is
apparently the exact same data that got dumped to the console
display as well...

trap number = 12
panic: page fault
cpuid = 10
KDB: stack backtrace:
#0 0xffffffff80a97b60 at kdb_backtrace+0x60
#1 0xffffffff80a57d26 at vpanic+0x126
#2 0xffffffff80a57bf3 at panic+0x43
#3 0xffffffff80e8b84d at trap_fatal+0x35d
#4 0xffffffff80e8bb68 at trap_pfault+0x308
#5 0xffffffff80e8b1ca at trap+0x47a
#6 0xffffffff80e6f93c at calltrap+0x8
#7 0xffffffff80aaa645 at taskqueue_run_locked+0xf5
#8 0xffffffff80aaa4f3 at taskqueue_run+0x93
#9 0xffffffff80a1f209 at intr_event_execute_handlers+0xb9
#10 0xffffffff80a1f676 at ithread_loop+0x96
#11 0xffffffff80a1c93a at fork_exit+0x9a
#12 0xffffffff80e6fe7e at fork_trampoline+0xe
Uptime: 11m7s
Dumping 865 out of 16346 MB:..2%..12%..21%..32%..41%..52%..61%..71%..82%..91%

From owner-freebsd-questions@freebsd.org Sat Nov 18 21:44:31 2017
Subject: Re: using native-xtools's make and MACHINE, MACHINE_ARCH values
To: Guy Yur, freebsd-questions@freebsd.org
From: Bryan Drewery
Organization: FreeBSD
Message-ID: <9961305b-1b1e-8de0-8df8-94bc427cbbee@FreeBSD.org>
Date: Sat, 18 Nov 2017 13:44:03 -0800

On 11/18/17 7:26 AM, Guy Yur wrote:
> Hi,
>
> I am trying to use native-xtools's make (amd64 targeting armv7)
> on an amd64 host in an armv7 chroot.

My guess is that it's because you're using a chroot rather than a jail.
When poudriere creates the jail with 'jail -c' it does not do things
like setup the make.conf or even setup nxb-bin hardlinks. It only does
this stuff at Jail Startup time (bulk/testport/jail -s).
Checkout jail -s and jail -k rather than using a chroot.

> (qemu-arm-static and binmiscctl used for the arm binaries.)
> Running /nxb-bin/usr/bin/make -V MACHINE and -V MACHINE_ARCH it
> reports amd64, amd64 not arm, armv7.
> (12.0-CURRENT r325963)
>
> Do I need to override MACHINE and MACHINE_ARCH explicitly when
> running nxb's make or should it report the target values?
>
> bmake is compiled with -DMAKE_NATIVE in usr.bin/bmake/Makefile
> so it uses uname, sysctl to get the values.
> If I add -UMAKE_NATIVE -DMAKE_MACHINE=\"${MACHINE}\"
> -DMACHINE_ARCH=\"${MACHINE_ARCH}\" to the nxb's make
> compilation it reports arm and armv7.
> Turning off MAKE_NATIVE also affects other things so it is
> probably not the correct change to make.
>

Poudriere sets MACHINE and MACHINE_ARCH in /etc/make.conf. It seems ok
to me in a Jail.

> # grep MACHINE /etc/make.conf
> MACHINE=arm64
> MACHINE_ARCH=aarch64
> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
> arm64
> aarch64

If I change it to something else it takes the value.

> # grep MACHINE /etc/make.conf
> MACHINE=machine
> MACHINE_ARCH=machine_arch
> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
> machine
> machine_arch

As for chroot it's wrong:

> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
> amd64
> amd64

It's not using uname as far as I can tell.
The /etc/make.conf is setup
at Jail Startup time but the jail's /etc/login.conf is setup at 'jail
-c' time currently, which sets UNAME_m and UNAME_p so uname should be
fine anyway:

> # grep arm /etc/login.conf
> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,UNAME_r=12.0-CURRENT,UNAME_v=FreeBSD 12.0-CURRENT 1200051,OSVERSION=1200051,ABI_FILE=/usr/lib/crt1.o,UNAME_m=arm64,UNAME_p=aarch64:\

--
Regards,
Bryan Drewery

From owner-freebsd-questions@freebsd.org Sat Nov 18 22:18:19 2017
From: Cos Chan
Date: Sat, 18 Nov 2017 23:18:15 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: Ian Smith
Cc: Kurt Lidl, freebsd-questions, Michael Ross

On Thu, Nov 16, 2017 at 10:40 PM, Cos Chan wrote:

>
>
> On Thu, Nov 16, 2017 at 3:53 PM, Ian Smith wrote:
>
>> On Wed, 15 Nov 2017 11:02:30 -0500, Kurt Lidl wrote:
>> > On 11/15/17 6:46 AM, Cos Chan wrote:
>> >
>> > > blacklistd.log:
>> > > Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22
>> > > for -1 seconds
>> > > Nov 15 12:15:40 res blacklistd[22100]: rule exists OK
>> > > Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22
>> > > for -1 seconds
>> >
>> > The "-1 seconds" looks fishy to me.
>> >
>> > What is the /etc/blacklistd.conf on this machine?
>>
>> Whether or not the first block succeeded, which if it had, should have
>> precluded another one two minutes later .. just on this point:
>>
>> -1 here means "never remove" ie duration='*', like nfail='*' is also set
>> to -1 for 'never block'. Noticed in ..
>>
>> [ here /usr/head/src/contrib/blacklist/ ]
>> bin/blacklistd.c: update(void)
>> [..]
>>         if (c.c_duration == -1 || when >= ts.tv_sec)   <<<----
>>                 continue;
>>         if (dbi.id[0]) {
>>                 run_change("rem", &c, dbi.id, 0);
>>                 sockaddr_snprintf(buf, sizeof(buf), "%a", ss);
>>                 syslog(LOG_INFO, "released %s/%d:%d after %d seconds",
>>                     buf, c.c_lmask, c.c_port, c.c_duration);
>>         }
>>         state_del(state, &c);
>>
>> One of the problems with blacklistd-helper is that return codes from it
>> are mostly not checked, in some cases it's run as (void)run_change(..)
>> so it's dependant on the helper script succeeding, and simply ignores
>> any indicated failure - except possibly for an add operation, where it
>> returns -1 if it gets a NULL response (empty string I assume) otherwise
>> it returns 0 after copying the output string to the id (here always OK)
>> .. but it seems nothing cares about the return code either way ..
>>
>> A bit more about making the script more robust - and more informative
>> for debugging, at least re ipfw - is slowly brewing, but I'm running out
>> of spare time at the moment, and will have to quit digging this deep
>> into code I'm unlikely ever to run myself :)
>>
>> [ Cos, do you get any different behaviour if you set duration to some
>> value other than '*'? 30d should be near enough forever for testing ]
>>
>
> Right, I can't see same "increased after ipfw blocked" issue while I
> change the * to 30d.
>
> I will check again tomorrow.
>

2 days test on 30d configuration, there is no issue of increasing fail
times after IPFW.

So, only * option has such issue?

>
>
>>
>> cheers, Ian
>>
>
>
>
> --
> with kind regards
>

--
with kind regards

From owner-freebsd-questions@freebsd.org Sat Nov 18 22:52:52 2017
From: Guy Yur
Date: Sun, 19 Nov 2017 00:52:48 +0200
Subject: Re: using native-xtools's make and MACHINE, MACHINE_ARCH values
To: Bryan Drewery
Cc: freebsd-questions@freebsd.org

Hi,

On 18 November 2017 at 23:44, Bryan Drewery wrote:
> On 11/18/17 7:26 AM, Guy Yur wrote:
>> Hi,
>>
>> I am trying to use native-xtools's make (amd64 targeting armv7)
>> on an amd64 host in an armv7 chroot.
>
> My guess is that it's because you're using a chroot rather than a jail.
> When poudriere creates the jail with 'jail -c' it does not do things
> like setup the make.conf or even setup nxb-bin hardlinks. It only does
> this stuff at Jail Startup time (bulk/testport/jail -s).
> Checkout jail -s and jail -k rather than using a chroot.
>
>
>> (qemu-arm-static and binmiscctl used for the arm binaries.)
>> Running /nxb-bin/usr/bin/make -V MACHINE and -V MACHINE_ARCH it
>> reports amd64, amd64 not arm, armv7.
>> (12.0-CURRENT r325963)
>>
>> Do I need to override MACHINE and MACHINE_ARCH explicitly when
>> running nxb's make or should it report the target values?
>>
>> bmake is compiled with -DMAKE_NATIVE in usr.bin/bmake/Makefile
>> so it uses uname, sysctl to get the values.
>> If I add -UMAKE_NATIVE -DMAKE_MACHINE=\"${MACHINE}\"
>> -DMACHINE_ARCH=\"${MACHINE_ARCH}\" to the nxb's make
>> compilation it reports arm and armv7.
>> Turning off MAKE_NATIVE also affects other things so it is
>> probably not the correct change to make.
>>
>
>
> Poudriere sets MACHINE and MACHINE_ARCH in /etc/make.conf. It seems ok
> to me in a Jail.
>
>> # grep MACHINE /etc/make.conf
>> MACHINE=arm64
>> MACHINE_ARCH=aarch64
>> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
>> arm64
>> aarch64
>
> If I change it to something else it takes the value.
>
>> # grep MACHINE /etc/make.conf
>> MACHINE=machine
>> MACHINE_ARCH=machine_arch
>> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
>> machine
>> machine_arch
>
> As for chroot it's wrong:
>
>> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
>> amd64
>> amd64
>

If I set them in /etc/make.conf it works in a chroot as well.

But shouldn't a crosstool make have the MACHINE and MACHINE_ARCH
of the target regardless of where it is running?
clang built by native-xtools has Target set to the target arch.

I can try to prepare and try to upstream a patch for an option
to compile bmake for cross-compilation of same os version but
different archs if it will be useful.

>
> It's not using uname as far as I can tell. The /etc/make.conf is setup
> at Jail Startup time but the jail's /etc/login.conf is setup at 'jail
> -c' time currently, which sets UNAME_m and UNAME_p so uname should be
> fine anyway:
>
>
>> # grep arm /etc/login.conf
>> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,UNAME_r=12.0-CURRENT,UNAME_v=FreeBSD 12.0-CURRENT 1200051,OSVERSION=1200051,ABI_FILE=/usr/lib/crt1.o,UNAME_m=arm64,UNAME_p=aarch64:\
>

make uses uname(3) for MACHINE and I see UNAME_m affects it.
For MACHINE_ARCH it uses HW_MACHINE_ARCH sysctl(3) which isn't
affected by UNAME_p.
Of course, MACHINE/MACHINE_ARCH can be overriden in /etc/make.conf after the initial value is set by uname/sysctl. So I guess I will have to set MACHINE and MACHINE_ARCH explicitly in make.conf like Poudriere. Thanks, Guy > > -- > Regards, > Bryan Drewery > From owner-freebsd-questions@freebsd.org Sat Nov 18 22:56:31 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B78C2DDEBA2 for ; Sat, 18 Nov 2017 22:56:31 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 79DC880D8D; Sat, 18 Nov 2017 22:56:31 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (unknown [127.0.1.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id 8CEC8CA82; Sat, 18 Nov 2017 22:56:30 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 5EAF89F5D; Sat, 18 Nov 2017 22:56:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id jTJV5dF5Mx36; Sat, 18 Nov 2017 22:56:25 +0000 (UTC) Subject: Re: using native-xtools's make and MACHINE, MACHINE_ARCH values DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 43C9B9F58 To: Guy Yur Cc: freebsd-questions@freebsd.org References: <9961305b-1b1e-8de0-8df8-94bc427cbbee@FreeBSD.org> From: Bryan Drewery Organization: FreeBSD Message-ID: 
 <04a972e9-16b7-7751-dbee-4af0a598d84b@FreeBSD.org>
Date: Sat, 18 Nov 2017 14:56:15 -0800

On 11/18/17 2:52 PM, Guy Yur wrote:
> Hi,
>
> On 18 November 2017 at 23:44, Bryan Drewery wrote:
>> On 11/18/17 7:26 AM, Guy Yur wrote:
>>> Hi,
>>>
>>> I am trying to use native-xtools's make (amd64 targeting armv7)
>>> on an amd64 host in an armv7 chroot.
>>
>> My guess is that it's because you're using a chroot rather than a jail.
>> When poudriere creates the jail with 'jail -c' it does not do things
>> like set up the make.conf or even set up nxb-bin hardlinks. It only does
>> this stuff at Jail Startup time (bulk/testport/jail -s).
>> Check out jail -s and jail -k rather than using a chroot.
>>
>>
>>> (qemu-arm-static and binmiscctl used for the arm binaries.)
>>> Running /nxb-bin/usr/bin/make -V MACHINE and -V MACHINE_ARCH it
>>> reports amd64, amd64 not arm, armv7.
>>> (12.0-CURRENT r325963)
>>>
>>> Do I need to override MACHINE and MACHINE_ARCH explicitly when
>>> running nxb's make or should it report the target values?
>>>
>>> bmake is compiled with -DMAKE_NATIVE in usr.bin/bmake/Makefile
>>> so it uses uname, sysctl to get the values.
>>> If I add -UMAKE_NATIVE -DMAKE_MACHINE=\"${MACHINE}\"
>>> -DMACHINE_ARCH=\"${MACHINE_ARCH}\" to the nxb's make
>>> compilation it reports arm and armv7.
>>> Turning off MAKE_NATIVE also affects other things so it is
>>> probably not the correct change to make.
>>>
>>
>>
>> Poudriere sets MACHINE and MACHINE_ARCH in /etc/make.conf. It seems ok
>> to me in a Jail.
>>
>>> # grep MACHINE /etc/make.conf
>>> MACHINE=arm64
>>> MACHINE_ARCH=aarch64
>>> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
>>> arm64
>>> aarch64
>>
>> If I change it to something else it takes the value.
>>
>>> # grep MACHINE /etc/make.conf
>>> MACHINE=machine
>>> MACHINE_ARCH=machine_arch
>>> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
>>> machine
>>> machine_arch
>>
>> As for chroot it's wrong:
>>
>>> # /nxb-bin/usr/bin/make -V MACHINE -V MACHINE_ARCH
>>> amd64
>>> amd64
>>
>
> If I set them in /etc/make.conf it works in a chroot as well.
>
> But shouldn't a crosstool make have the MACHINE and MACHINE_ARCH
> of the target regardless of where it is running?

Not expected to, no. Perhaps it makes sense but there's no reason for it
right now.

> clang built by native-xtools has Target set to the target arch.
>
> I can try to prepare and try to upstream a patch for an option
> to compile bmake for cross-compilation of same os version but
> different archs if it will be useful.
>
>>
>> It's not using uname as far as I can tell. The /etc/make.conf is set up
>> at Jail Startup time but the jail's /etc/login.conf is set up at 'jail
>> -c' time currently, which sets UNAME_m and UNAME_p so uname should be
>> fine anyway:
>>
>>
>>> # grep arm /etc/login.conf
>>> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,UNAME_r=12.0-CURRENT,UNAME_v=FreeBSD 12.0-CURRENT 1200051,OSVERSION=1200051,ABI_FILE=/usr/lib/crt1.o,UNAME_m=arm64,UNAME_p=aarch64:\
>>
>
> make uses uname(3) for MACHINE and I see UNAME_m affects it.
> For MACHINE_ARCH it uses HW_MACHINE_ARCH sysctl(3)
> which isn't affected by UNAME_p.
> Of course, MACHINE/MACHINE_ARCH can be overridden in
> /etc/make.conf after the initial value is set by uname/sysctl.
>
> So I guess I will have to set MACHINE and MACHINE_ARCH
> explicitly in make.conf like Poudriere.

Sorry I missed that you were not using Poudriere. What's the use case here?

>
> Thanks,
> Guy
>
>>
>> --
>> Regards,
>> Bryan Drewery
>>

--
Regards,
Bryan Drewery
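
The check this thread arrives at, as an added example that is not part of either poster's message: a POSIX sh pre-flight that stops a cross build when make does not report the target MACHINE/MACHINE_ARCH, and says what make.conf sets. The function names, the MAKE_BIN variable and the expected-value arguments are assumptions of this example; the make path, the -V query and the arm/armv7 values are the ones quoted above.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the MAKE_BIN
# variable are assumptions; the default path and -V query are quoted above.

# conf_value FILE VAR: print the last plain "VAR=value" assignment in FILE.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# compare_var NAME WANT GOT CONF: 0 if GOT equals WANT, else 1 plus a hint
# saying whether CONF overrides NAME (the uname/sysctl default can be
# replaced there, as discussed in the thread).
compare_var() {
    [ "$3" = "$2" ] && return 0
    in_conf=$(conf_value "$4" "$1")
    echo "$1: make reports '$3', expected '$2'; $4 sets: ${in_conf:-nothing}" >&2
    return 1
}

# check_make_target WANT_MACHINE WANT_MACHINE_ARCH [MAKE_CONF]
# Returns 0 on match, 1 on mismatch, 2 if make could not be run.
check_make_target() {
    conf=${3:-/etc/make.conf}
    make_bin=${MAKE_BIN:-/nxb-bin/usr/bin/make}
    out=$("$make_bin" -V MACHINE -V MACHINE_ARCH) || return 2
    got_m=$(printf '%s\n' "$out" | sed -n 1p)
    got_a=$(printf '%s\n' "$out" | sed -n 2p)
    rc=0
    compare_var MACHINE "$1" "$got_m" "$conf" || rc=1
    compare_var MACHINE_ARCH "$2" "$got_a" "$conf" || rc=1
    return "$rc"
}

# Usage inside the chroot or jail, before starting the build:
#   check_make_target arm armv7 || exit 1
```

Failing closed here keeps a chroot that silently falls back to the host's amd64 values from producing host-architecture artifacts that are then shipped as target builds.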